DUgallery 3.0 / Remote Admin Bug

2009-08-17T00:00:00
ID SECURITYVULNS:DOC:22327
Type securityvulns
Reporter Securityvulns
Modified 2009-08-17T00:00:00

Description

Hi Everybody!

Application : DUgallery 3.0

Risk : High Risk

Connecting : Remote Admin

Normally, the DUgallery 3.0 admin panel is at:

http://*.Com/Accessories/admin/default.asp

But we can reach the admin panel (no username and no password) through this page:

http://**.Com/Accessories/admin/edit.asp?iPic=[PictureID]

We can connect directly to the admin panel on this page, and we can include script, index, etc... Everything...

How can we close this bug?

Very easy: if we add an access check on this page (username and password control), we can close this bug.
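To check whether an installation has already been reached this way, the web server log can be searched for admin pages served to clients that never logged in. The following is an added example, not part of the original advisory or of DUgallery: it assumes IIS W3C extended logs with the fields shown, and that an administrator logs in with a POST to default.asp before using other admin pages. The log lines are constructed.

```python
# Added example: flag admin pages served (HTTP 200) to clients with no prior login.
# Assumption: a login is a POST to default.asp; any such POST counts here, so
# tighten this to your login's success status if failed logins should not count.

ADMIN_DIR = "/accessories/admin/"
LOGIN_PAGE = ADMIN_DIR + "default.asp"

# Constructed sample log; client addresses are from documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-08-17 10:00:01 192.0.2.10 GET /Accessories/admin/default.asp - 200
2009-08-17 10:00:09 192.0.2.10 POST /Accessories/admin/default.asp - 302
2009-08-17 10:00:15 192.0.2.10 GET /Accessories/admin/edit.asp iPic=12 200
2009-08-17 11:30:42 198.51.100.7 GET /Accessories/admin/edit.asp iPic=3 200
2009-08-17 11:31:05 198.51.100.7 POST /Accessories/admin/edit.asp iPic=3 200
2009-08-17 12:02:00 203.0.113.5 GET /Accessories/admin/edit.asp iPic=1 302
"""

def find_unauthenticated_admin_hits(log_text):
    """Return (date, time, ip, method, path, query) for suspicious admin hits."""
    fields, logged_in, hits = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                            # malformed row, skip it
        rec = dict(zip(fields, parts))
        path = rec["cs-uri-stem"].lower()       # IIS paths are case-insensitive
        if not (path.startswith(ADMIN_DIR) and path.endswith(".asp")):
            continue
        if path == LOGIN_PAGE:
            if rec["cs-method"] == "POST":
                logged_in.add(rec["c-ip"])      # assumed login for this client
            continue
        # A 200 means the page was served; a redirect means a check blocked it.
        if rec["sc-status"] == "200" and rec["c-ip"] not in logged_in:
            hits.append((rec["date"], rec["time"], rec["c-ip"],
                         rec["cs-method"], rec["cs-uri-stem"], rec["cs-uri-query"]))
    return hits

if __name__ == "__main__":
    for hit in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(" ".join(hit))
```

Once the access check is in place, direct requests to edit.asp should no longer return 200 to clients without a login, so new hits from this check indicate the fix is missing or incomplete.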

Credit : SPYMETA

www.ProWebLine.Org

ProWebLine Information Security Technology / ProWebLine Organization