This writeup describes Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerabilities in Ananta_Gazelle CMS 1.0. The LFI exploit leverages improper input validation in the 'language' parameter, while the XSS vulnerabilities are demonstrated via crafted URLs.
Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Ananta_Gazelle CMS 1.0
No auth needed
Prerequisites:Access to the target web application