Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities


Exploit Title: MT.VERNON MEDIA Web-Design v1.12 “gallery.php?” &category parameter HTML Injection Security Vulnerabilities

Product: Web-Design v1.12


Vulnerable Versions: v1.12

Tested Version: v1.12

Advisory Publication: May 08, 2015

Latest Update: May 08, 2015

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)




Proposition Details:


(1) Vendor & Product Description:




Product & Vulnerable Versions:




Vendor URL & Download:

MT.VERNON MEDIA can be obtained from here,



Google Dork:

“developed by: Mt. Vernon Media”


Product Introduction Overview:

“In today’s economy every business is more focused on ROI (Return On Investment) than ever before. We’ll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients. We handle custom development of your Internet project from conception through publication:


Internet & Intranet sites

Design concepts, layouts, and specifications

Intuitive Graphical User Interface (GUI) design

Dynamic navigation design

Creation and manipulation of graphical design elements

GIF Animation

Flash development

HTML hand-coding and debugging

JavaScript for interactivity and error-checking

ASP (Active Server Pages)

Customized Perl CGI scripts (mailing lists, form submission, etc)

Customized application development in varied programming languages

Site publication and promotion

On-going updating and maintenance

Banner ads”




(2) Vulnerability Details:

MT.VERNON MEDIA web application has a computer security bug problem. It can be exploited by stored HTML Injection attacks. Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user’s trust.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, solutions details related to HTML vulnerabilities.


(2.1) The first programming code flaw occurs at “&category” parameter in “gallery.php?” page.
















Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Kaleidoscope - InZeed © 2015 Frontier Theme