
DUgallery 3.0 / Remote Admin Bug






Hi Everybody!

Application : DUgallery 3.0
Risk        : High Risk
Connecting  : Remote Admin

Normally, the DUgallery 3.0 Admin Panel is:

http://*******.Com/Accessories/admin/default.asp

But we can connect to the Admin Panel (no username and no password) through this page:

http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]

We can connect directly to the Admin Panel on this page, and we can include script, index, etc... Everything...

How can we close this bug?

Very easy: if we add an access check on this page (username and password control), we can close this bug...

Credit : SPYMETA

www.ProWebLine.Org

ProWebLine Information Security Technology / ProWebLine Organization
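
An added example, not part of the original advisory or of DUgallery's code: a local source audit that lists which pages in an admin directory lack the login check, or read request input such as iPic before it runs. It assumes the check lives in a shared include named inc_auth.asp (a hypothetical name), and the sample sources are constructed.

```python
import re
from pathlib import Path

# Assumption: the login check is a shared include; "inc_auth.asp" is hypothetical.
GUARD = re.compile(
    r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]*inc_auth\.asp"\s*-->', re.I)
# First read of request input, e.g. Request.QueryString("iPic") in edit.asp.
INPUT = re.compile(r'\bRequest\s*(?:\.\s*(?:QueryString|Form)\s*)?\(', re.I)

def audit_page(source):
    """Return 'ok', 'missing' (no guard) or 'late' (input read before guard)."""
    guard = GUARD.search(source)
    if guard is None:
        return "missing"
    # Classic ASP merges includes textually, so code above the include runs first.
    first_input = INPUT.search(source)
    if first_input and first_input.start() < guard.start():
        return "late"
    return "ok"

def audit_pages(pages):
    """pages maps file name -> ASP source; returns only the pages that fail."""
    results = {name: audit_page(src) for name, src in sorted(pages.items())}
    return {name: status for name, status in results.items() if status != "ok"}

def load_admin_dir(root):
    """Read every .asp file under an admin directory on disk."""
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in Path(root).rglob("*.asp")}

# Constructed sample sources, not DUgallery's real code.
SAMPLE = {
    "default.asp": '<!--#include file="inc_auth.asp"-->\n<% Response.Write "Admin" %>',
    "edit.asp": '<% id = Request.QueryString("iPic") %>\n<form>...</form>',
    "delete.asp": '<% id = Request("iPic") %>\n<!--#include file="inc_auth.asp"-->',
}

if __name__ == "__main__":
    for name, status in audit_pages(SAMPLE).items():
        print(f"{name}: guard {status}")
```

To audit a real installation, pass the result of load_admin_dir() on the admin folder to audit_pages() and adjust GUARD to match the include the site actually uses.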
