
DUgallery 3.0 / Remote Admin Bug



Hi Everybody! 

Application : DUgallery 3.0
Risk        : High Risk
Connecting  : Remote Admin

Normally, the DUgallery 3.0 admin panel is at:

http://*******.Com/Accessories/admin/default.asp

But we can reach the admin panel (no username and no password) through this page:

http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]

We can connect directly to the admin panel on this page, and we can include script, 
index, etc... Everything...

How can we close this bug?

Very easy: if we add an access check (username and password control) to this page, we 
can close this bug.

Credit : SPYMETA

www.ProWebLine.Org 

ProWebLine Information Security Technology / ProWebLine Organization
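
The fix described above only holds if every page under the admin directory runs the same login check before anything else. The following added example (not part of the original post and not DUgallery's code) audits a set of ASP sources for pages where a shared login-check include is missing or placed after script has already run; the include name `inc_auth.asp`, the `Session("admin_ok")` flag, `save.asp` and all sample sources are assumptions constructed for illustration.

```python
import re

GUARD = "inc_auth.asp"  # hypothetical name for the shared login-check include
PUBLIC = {"admin/login.asp", "admin/" + GUARD}  # must stay reachable without a session

INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"([^"]+)"\s*-->', re.I)
SCRIPT_RE = re.compile(r"<%(?!@)")  # first script block, ignoring the <%@ ... %> directive


def guard_status(source):
    """Return 'ok', 'late' (guard placed after script has run) or 'missing'."""
    script = SCRIPT_RE.search(source)
    for inc in INCLUDE_RE.finditer(source):
        name = inc.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name == GUARD:
            if script is None or inc.start() < script.start():
                return "ok"
            return "late"
    return "missing"


def audit(pages):
    """Map each non-public page that lacks an effective guard to its status."""
    findings = {}
    for path, source in sorted(pages.items()):
        if path.lower() in PUBLIC:
            continue
        status = guard_status(source)
        if status != "ok":
            findings[path] = status
    return findings


# Constructed sample sources, not DUgallery's real code.
SAMPLE_PAGES = {
    "admin/inc_auth.asp": '<% If Session("admin_ok") <> True Then Response.Redirect "login.asp" %>',
    "admin/login.asp": '<form method="post">...</form>',
    "admin/default.asp": '<%@ Language=VBScript %>\n<!--#include file="inc_auth.asp"-->\n<% Response.Write "menu" %>',
    "admin/edit.asp": '<%@ Language=VBScript %>\n<% iPic = Request.QueryString("iPic") %>\n<form method="post">...</form>',
    "admin/save.asp": '<% Call SavePicture() %>\n<!--#include file="inc_auth.asp"-->',
}

if __name__ == "__main__":
    for path, status in audit(SAMPLE_PAGES).items():
        print(f"{path}: login check {status}")
```

To run it against a real installation, build the `pages` dictionary from the `.asp` files on disk and set `GUARD` and `PUBLIC` to the names that installation actually uses.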