Most PHP image gallery applications now handle the Exchangeable Image File (EXIF) header of JPEG files. EXIF is an international specification that lets imaging vendors encode metadata into the header, or application segments, of a JPEG file. Unfortunately, the metadata read from the EXIF header is not properly sanitized before it is displayed.
Vulnerable:
* Coppermine version 1.3.3 and prior
* Gallery version 1.5.1-RC2 and prior
* phpGraphy version 0.9.9a and prior
* YaPig version 0.95 and prior

Not vulnerable:
* Coppermine version 1.4.1
* phpGraphy version 0.9.10
Adding malicious content to the EXIF section of a JPEG image allows an attacker to perform a cross-site scripting attack when a PHP-based gallery displays the image's metadata: the gallery echoes EXIF text fields into its HTML pages without encoding them, so any markup they contain is rendered by the viewer's browser.
Proof of Concept:
Take a .JPG file, edit its EXIF section and set a text field (for example the image description or comment) to <script>alert(document.cookie)</script>
then upload the image to an online gallery and make it display the image: the script runs in the browser of anyone who views the page.
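The following is an added example, not code from the advisory or from any of the galleries named above. It builds a minimal JPEG whose EXIF APP1 segment carries the payload in the ImageDescription tag (tag 0x010E), reads the tag back out with a small EXIF parser of the kind a gallery runs, and contrasts the vulnerable pattern (metadata concatenated straight into HTML) with the fix (HTML-encoding the metadata first). The file contains no image data; the tag number and TIFF/EXIF layout are from the EXIF specification, while the payload, the sample file and the two render functions are constructed here for illustration.

```python
import html
import struct
from typing import Optional

# Constructed test payload, the same one the proof of concept above uses.
PAYLOAD = "<script>alert(document.cookie)</script>"
TAG_IMAGE_DESCRIPTION = 0x010E   # EXIF/TIFF "ImageDescription", ASCII type
TYPE_ASCII = 2


def build_exif_jpeg(description: str) -> bytes:
    """Return a JPEG: SOI, one APP1 (Exif) segment holding a little-endian TIFF
    with a single IFD0 entry (ImageDescription), then EOI. No scan data; this is
    only meant to exercise EXIF readers."""
    desc = description.encode("ascii") + b"\x00"      # ASCII values are NUL-terminated
    tiff = b"II" + struct.pack("<HI", 42, 8)           # byte order, magic 42, IFD0 at offset 8
    entry = struct.pack("<HHI", TAG_IMAGE_DESCRIPTION, TYPE_ASCII, len(desc))
    if len(desc) <= 4:
        entry += desc.ljust(4, b"\x00")                # values of <= 4 bytes are stored inline
        tail = b""
    else:
        # Longer values live after the IFD: 8 (header) + 2 (count) + 12 (entry) + 4 (next IFD)
        entry += struct.pack("<I", 8 + 2 + 12 + 4)
        tail = desc
    tiff += struct.pack("<H", 1) + entry + struct.pack("<I", 0) + tail
    app1_body = b"Exif\x00\x00" + tiff
    # APP1 marker 0xFFE1; the length field counts itself (2 bytes) plus the body
    app1 = b"\xff\xe1" + struct.pack(">H", len(app1_body) + 2) + app1_body
    return b"\xff\xd8" + app1 + b"\xff\xd9"


def read_image_description(jpeg: bytes) -> Optional[str]:
    """Minimal EXIF reader: walk the JPEG segments, find APP1/Exif, walk IFD0
    and return the ImageDescription string (or None if absent)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, seg_len = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker in (0xFFD9, 0xFFDA):                 # EOI or start of scan: no more headers
            break
        segment = jpeg[pos + 4:pos + 2 + seg_len]
        pos += 2 + seg_len
        if marker != 0xFFE1 or not segment.startswith(b"Exif\x00\x00"):
            continue
        tiff = segment[6:]
        endian = "<" if tiff[:2] == b"II" else ">"
        magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
        if magic != 42:
            raise ValueError("bad TIFF header")
        (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            tag, typ, n, value = struct.unpack(endian + "HHII", entry)
            if tag == TAG_IMAGE_DESCRIPTION and typ == TYPE_ASCII:
                raw = tiff[value:value + n] if n > 4 else entry[8:8 + n]
                return raw.rstrip(b"\x00").decode("ascii", "replace")
    return None


def render_caption_unsafe(jpeg: bytes) -> str:
    """The vulnerable pattern: EXIF text concatenated straight into HTML."""
    return '<div class="caption">' + (read_image_description(jpeg) or "") + "</div>"


def render_caption_safe(jpeg: bytes) -> str:
    """The fix: HTML-encode untrusted metadata before it reaches the page."""
    text = read_image_description(jpeg) or ""
    return '<div class="caption">' + html.escape(text, quote=True) + "</div>"


if __name__ == "__main__":
    crafted = build_exif_jpeg(PAYLOAD)
    print("unsafe:", render_caption_unsafe(crafted))
    print("safe:  ", render_caption_safe(crafted))
```

The same encoding step applies to every EXIF field a gallery prints (camera model, software, copyright, user comment), not only the description: any of them is attacker-controlled bytes from the uploaded file.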
The information was provided to all concerned project managers on 17 August 2005.