|
Hi Everybody! =0D
=0D
Application : DUgallery 3.0=0D
Risk : High Risk=0D
Connecting : Remote Admin=0D
=0D
Normally, DUGallery 3.0 Admin Pannel is : =0D
=0D
http://*******.Com/Accessories/admin/default.asp=0D
=0D
But We Can Connect Admin Pannel (No UserName and No PassWord) this page ;=0D
=0D
http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]=0D
=0D
We Can Connect (Direct) Admin Pannel On this page and we can include script, index, etc... Everything...=0D
=0D
How can close this bug ? =0D
=0D
Very easy, if we add an acces on this page (UserName and Password Control) , we can close this bug...=0D
=0D
Credit : SPYMETA=0D
=0D
www.ProWebLine.Org =0D
=0D
ProWebLine Information Security Technology / ProWebLine Organization