Smartor Photo Album for phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'album_cat.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. NOTE: Subsequent examination after vendor dispute suggests there are no occurances of a "bsid" variable in the Smartor Photo Album distribution. It is possible this issue applies to custom installations, or unsanitized variables in phpBB are passed to this script.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

• Bugtraq ID: 13157
• Related OSVDB ID: 15931 15933
• CVE ID: 2005-1115 (see also: NVD)
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0190.html
  http://attrition.org/pipermail/vim/2006-June/thread.html
• Other Advisory URL: http://digitalparadox.org/viewadvisories.ah?view=21
• Vendor Specific News/Changelog Entry: http://osvdb.org/ref/15/1593x-smartor-reply.txt
• Vendor URL: http://smartor.is-root.com/viewtopic.php?t=3021

• Diabolic Crab - dcrabhackerscenter.com - Personal Page