Bugtraq mailing list archives

DUgallery 3.0 / Remote Admin Bug


From: spymeta () yahoo com
Date: 16 Aug 2009 18:39:20 -0000

Hi Everybody! 

Application : DUgallery 3.0
Risk        : High Risk
Connecting  : Remote Admin

Normally, the DUgallery 3.0 admin panel is:

http://*******.Com/Accessories/admin/default.asp

But we can connect to the admin panel (no username and no password) through this page:

http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]

We can connect directly to the admin panel on this page, and we can include script, index, etc... Everything...

How can we close this bug?

Very easy: if we add an access check (username and password control) to this page, we can close this bug...

Credit : SPYMETA

www.ProWebLine.Org 

ProWebLine Information Security Technology / ProWebLine Organization
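
An added example, not part of the original post and not DUgallery code: a source audit that lists the pages in an admin directory that skip the login check the advisory asks for, so the fix can be verified on every page rather than only edit.asp. The Session key, the inc_auth.asp include and all sample sources are constructed assumptions, and the match is a triage heuristic, not proof that the check is correct.

```python
import re

# Classic ASP constructs the audit looks for. The Session key and file names in
# SAMPLE are constructed; the advisory does not show DUgallery's source.
INCLUDE = re.compile(r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"([^"]+)"\s*-->', re.I)
BLOCK = re.compile(r'<%(?!=)(.*?)%>', re.S)           # server code, not <%= output %>
CHECK = re.compile(r'\bIf\b[^\n]*\bSession\s*\(', re.I)
DENY = re.compile(r'\bResponse\.(?:Redirect|End)\b', re.I)


def preamble(source):
    """Server blocks and include names that run before any literal HTML is sent."""
    blocks, includes, pos = [], [], 0
    while True:
        while pos < len(source) and source[pos].isspace():
            pos += 1
        m = BLOCK.match(source, pos)
        if m:
            blocks.append(m.group(1))
        else:
            m = INCLUDE.match(source, pos)
            if not m:
                return blocks, includes
            includes.append(re.split(r'[\\/]', m.group(1))[-1].lower())
        pos = m.end()


def is_guarded(name, pages, seen=()):
    """Heuristic: the page (or a file it includes) tests Session and denies first."""
    if name not in pages or name in seen:
        return False
    blocks, includes = preamble(pages[name])
    if any(CHECK.search(b) and DENY.search(b) for b in blocks):
        return True
    return any(is_guarded(i, pages, seen + (name,)) for i in includes)


def unguarded(pages, public=()):
    """Names of pages that can be requested directly without a login check."""
    return sorted(n for n in pages if n not in public and not is_guarded(n, pages))


SAMPLE = {  # constructed sources, keyed by lower-case file name
    "inc_auth.asp": '<%\nIf Session("admin") <> True Then\n  Response.Redirect "default.asp"\nEnd If\n%>',
    "default.asp": '<html><form method="post">login form</form></html>',
    "edit.asp": '<%\niPic = Request.QueryString("iPic")\n%>\n<html>edit form</html>',
    "fixed_edit.asp": '<!--#include file="inc_auth.asp"-->\n<% iPic = Request.QueryString("iPic") %>\n<html>edit form</html>',
    "late.asp": '<html>\n<% If Session("admin") <> True Then Response.End %>\n</html>',
}

if __name__ == "__main__":
    print(unguarded(SAMPLE, public=("default.asp",)))
```

The login page itself is passed in `public` so it is not reported; a page whose check only runs after HTML has started, like the constructed late.asp, is reported along with pages that have no check at all.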

