Bugtraq mailing list archives
DUgallery 3.0 / Remote Admin Bug
From: spymeta () yahoo com
Date: 16 Aug 2009 18:39:20 -0000
Hi Everybody! Application : DUgallery 3.0 Risk : High Risk Connecting : Remote Admin Normally, DUGallery 3.0 Admin Pannel is : http://*******.Com/Accessories/admin/default.asp But We Can Connect Admin Pannel (No UserName and No PassWord) this page ; http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID] We Can Connect (Direct) Admin Pannel On this page and we can include script, index, etc... Everything... How can close this bug ? Very easy, if we add an acces on this page (UserName and Password Control) , we can close this bug... Credit : SPYMETA www.ProWebLine.Org ProWebLine Information Security Technology / ProWebLine Organization
Current thread:
- DUgallery 3.0 / Remote Admin Bug spymeta (Aug 17)