
From:thegreatone2176_(at)_yahoo.com <thegreatone2176_(at)_yahoo.com>
Date:14.06.2005
Subject:singapore v0.9.11 cross site scripting and path disclosure

Because of singapore's heavy use of classes it has multiple path disclosure occurrences. The following pages
all produced class related errors when navigating directly to them in your browser.

gallery/includes/admin.class.php
templates/admin_default/ all the .tpl.php files
templates/default/ all the .tpl.php files

Also the gallery $_GET parameter on www.site.com/index.php is not properly checked leading to cross site
scripting.  We used
http://www.site.com/index.php?gallery=%3Cimg%20onmouseover=%22alert('hi')%22%20style=%22position:%20absolute;%20top:0px;%20left:%200px;%20width:%201000%;%20height:%201000%;%22%3E
and other similar scripts to produce the XSS.
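The two issues reported above, shown as an added PHP example that is not code from the singapore project or from the advisory's author. It contrasts the unsafe reflection of the `gallery` parameter with an HTML-encoded version and an allow-list check, and shows the front-controller guard that stops include files from producing path-revealing errors when requested directly. All function names, the `IN_SINGAPORE_EXAMPLE` constant and the sample input are assumptions constructed for the example.

```php
<?php
// Added example (not singapore's own code). Names below are illustrative
// assumptions, not identifiers from the singapore source tree.

// --- Part 1: reflected XSS through the gallery GET parameter ---

// Vulnerable pattern: the raw value of ?gallery= is placed into HTML, so a
// value containing markup (e.g. an <img onmouseover=...> tag) is rendered
// as markup rather than as text.
function render_gallery_heading_unsafe(array $get): string
{
    $gallery = $get['gallery'] ?? '';
    return "<h1>Gallery: " . $gallery . "</h1>";
}

// Hardened pattern: encode for the HTML body/attribute context, quotes
// included, so the same value is displayed literally.
function render_gallery_heading_safe(array $get): string
{
    $gallery = $get['gallery'] ?? '';
    $encoded = htmlspecialchars($gallery, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>Gallery: " . $encoded . "</h1>";
}

// Stronger still: a gallery name must match a known gallery before it is
// used anywhere (strict comparison avoids type juggling surprises).
function gallery_param_allowed(string $gallery, array $known_galleries): bool
{
    return in_array($gallery, $known_galleries, true);
}

// Constructed sample input in the spirit of the advisory's payload.
$sample_get = [
    'gallery' => '<img onmouseover="alert(\'hi\')" style="position:absolute">',
];
$known = ['holiday', 'family'];

echo render_gallery_heading_unsafe($sample_get), "\n"; // tag passes through
echo render_gallery_heading_safe($sample_get), "\n";   // &lt;img ... shown as text
echo gallery_param_allowed($sample_get['gallery'], $known) ? "allowed\n" : "rejected\n";

// --- Part 2: path disclosure from directly requested include files ---

// When a .class.php or .tpl.php file is fetched on its own, PHP hits
// undefined classes/variables and, with display_errors on, prints an error
// containing the absolute server path. Two controls close that:
//
// (a) The front controller (index.php) defines a marker constant before
//     including anything:
//         define('IN_SINGAPORE_EXAMPLE', true);   // constant name is an assumption
//     and every include/template file starts with a guard such as:
//         if (!loaded_via_front_controller()) { http_response_code(403); exit; }
function loaded_via_front_controller(): bool
{
    return defined('IN_SINGAPORE_EXAMPLE');
}

// (b) Error text never reaches the client in production; it goes to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
```

Running this script prints the unencoded heading (which a browser would parse as an image tag), the encoded heading, and "rejected" for the sample value. The guard function returns false here because the script never defines the marker constant, which is exactly the state a directly requested include file would be in.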
