Hello 3APA3A!

I want to warn you about multiple security vulnerabilities in Pigalle.
These are Information Leakage, Full path disclosure and Cross-Site
Scripting vulnerabilities.

Information Leakage:

The versions of PHP, MySQL and the web server are shown in meta-tags in the
source of all pages.

Full path disclosure:

http://site/index.php?start=1'
http://site/index.php?mode=view&alb=IBM_Stucki&pic=1
http://site/index.php?mode=view&alb=1
http://site/index.php?mode=view
http://site/index.php?mode=album
http://site/index.php?mode=album&alb=1
http://site/index.php?mode=view&alb=IBM_Stucki&pic=Image3.jpg&size='

XSS:

Pigalle 0.76-alpha and previous versions are vulnerable.

I mentioned these vulnerabilities in Pigalle on my site
(http://websecurity.com.ua/3503/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
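
A defender-side check for the first two issue classes named in this message, added here as an example and not code from Pigalle or from the author: it flags PHP, MySQL and web server version strings in meta tags, and absolute file paths in PHP error output. The sample page, its meta tag names and the product list in the pattern are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Product name followed by a dotted version, e.g. "PHP 5.2.6" or "Apache/2.2.9".
# The product list is an assumption; extend it for the stack being audited.
VERSION_RE = re.compile(r"\b(PHP|MySQL|Apache|nginx|lighttpd|IIS)[ /:-]*v?(\d+(?:\.\d+)+)", re.I)
# PHP diagnostics end with "in <absolute file path> on line <n>" on a single line.
PATH_RE = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error)\b[^\n]*?\bin\s+((?:/|[A-Za-z]:\\)\S+)\s+on line\s+\d+"
)
TAG_RE = re.compile(r"<[^>]+>")


class MetaCollector(HTMLParser):
    """Collects (name, content) pairs from <meta> tags."""

    def __init__(self):
        super().__init__()
        self.metas = []

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            a = dict(attrs)
            self.metas.append((a.get("name") or a.get("http-equiv") or "", a.get("content") or ""))


def audit_page(html):
    """Return findings for version leakage in meta tags and path disclosure in error text."""
    findings = []
    collector = MetaCollector()
    collector.feed(html)
    for name, content in collector.metas:
        for m in VERSION_RE.finditer(content):
            findings.append(("version-in-meta", name, f"{m.group(1)} {m.group(2)}"))
    # PHP wraps parts of its error text in <b> tags when html_errors is on; strip tags first.
    text = TAG_RE.sub("", html)
    for m in PATH_RE.finditer(text):
        findings.append(("full-path-disclosure", "body", m.group(1)))
    return findings


# Constructed sample response (not taken from a real Pigalle installation).
SAMPLE = """<html><head>
<meta name="generator" content="ExampleGallery; PHP 5.2.6; MySQL 5.0.51">
<meta name="server" content="Apache/2.2.9">
</head><body>
<b>Warning</b>: opendir(/var/www/example/albums/1) failed in <b>/var/www/example/index.php</b> on line <b>42</b>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE):
        print(finding)
```

Run it over saved responses from your own installation, including responses to malformed parameter values, and treat any finding as a reason to remove the version meta tags and turn off error display in production.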