securityvulns SECURITYVULNS:DOC:22327
Aug 17, 2009 - 12:00 a.m.

DUgallery 3.0 / Remote Admin Bug

Hi Everybody!

Application : DUgallery 3.0
Risk : High Risk
Connecting : Remote Admin

Normally, the DUgallery 3.0 admin panel is at:

http://*******.Com/Accessories/admin/default.asp

But we can connect to the admin panel (no username and no password) through this page:

http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]

We can connect directly to the admin panel on this page, and we can include script, index, etc… everything…

How can this bug be closed?

Very easy: if we add an access check on this page (username and password control), we can close this bug…

Credit : SPYMETA

www.ProWebLine.Org

ProWebLine Information Security Technology / ProWebLine Organization
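
Added example (not part of the original advisory, and not DUgallery's own code): the fix described above is an access check on edit.asp, and this Python script audits a local copy of the admin directory for every .asp page that lacks one. The guard file name inc_auth.asp, the Session("admin") key, and the treatment of default.asp as the login page are assumptions, and the sample files are constructed.

```python
import re
from pathlib import Path

# Hypothetical guard markers; replace with the application's real login check.
GUARD_PATTERNS = [
    # Server-side include of a shared guard file (the name "inc_auth.asp" is assumed).
    re.compile(r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]*inc_auth\.asp"\s*-->', re.I),
    # Inline check of the form: If Session("...") ... Then ... Response.Redirect
    re.compile(r'\bIf\b[^\n]*\bSession\s*\(\s*"[^"]+"\s*\)[^\n]*\bThen\b'
               r'[\s\S]{0,200}?Response\.Redirect', re.I),
]
# Assumed reachable without a session by design: the login form and the guard file.
EXEMPT = {"default.asp", "inc_auth.asp"}

def has_guard(source: str) -> bool:
    """True if the page source contains any known access-check marker."""
    return any(p.search(source) for p in GUARD_PATTERNS)

def unguarded_pages(admin_dir) -> list:
    """List .asp pages under admin_dir with no access check (presence only)."""
    root = Path(admin_dir)
    missing = []
    for path in root.rglob("*.asp"):
        if path.name.lower() in EXEMPT:
            continue
        if not has_guard(path.read_text(encoding="latin-1")):
            missing.append(path.relative_to(root).as_posix())
    return sorted(missing)

def build_sample_tree(root) -> None:
    """Write a constructed admin directory: every page is guarded except edit.asp."""
    guard = '<%\nIf Session("admin") <> "yes" Then Response.Redirect "default.asp"\n%>\n'
    pages = {
        "default.asp": '<form method="post">login form</form>\n',
        "inc_auth.asp": guard,
        "pictures.asp": '<!--#include file="inc_auth.asp"-->\n<% \' list pictures %>\n',
        "users.asp": guard + "<% ' manage users %>\n",
        "edit.asp": '<% iPic = Request.QueryString("iPic") %>\n<form>edit picture</form>\n',
    }
    for name, body in pages.items():
        Path(root, name).write_text(body, encoding="latin-1")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(unguarded_pages(tmp))  # ['edit.asp']
```

The audit only confirms that a guard is present in each file; whether the guard runs before any output and actually validates the session still needs a manual review.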