DUgallery version 3.0 suffers from a direct access administrative bypass vulnerability.
Hi Everybody!
Application : DUgallery 3.0
Risk : High Risk
Connecting : Remote Admin
Normally, the DUGallery 3.0 admin panel is:
http://*******.Com/Accessories/admin/default.asp
But we can reach the admin panel (no username and no password) through this page:
http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]
We can connect directly to the admin panel on this page, and we can include script,
index, etc... Everything...
How can this bug be closed?
Very easily: if we add an access check on this page (username and password control),
we can close this bug...
Credit : SPYMETA
www.ProWebLine.Org
ProWebLine Information Security Technology / ProWebLine Organization
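
An added example, not part of the original advisory and not DUgallery code: a source-side audit that goes beyond edit.asp and flags every page under the admin directory that has no login check, or that runs the check only after it has already read request data. The guard file name `auth_check.asp`, the `Session` test pattern and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed guard styles (hypothetical): a shared include, or an inline Session test.
GUARD_PATTERNS = [
    re.compile(r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]*auth_check\.asp"\s*-->', re.I),
    re.compile(r'\bIf\b[^\n]*\bSession\s*\(\s*"[^"]+"\s*\)[^\n]*\bThen\b', re.I),
]
# First point where the page consumes input or emits output.
ACTION = re.compile(r'Request\s*[.(]|Response\.Write|<\s*(?:html|form)\b', re.I)
# The login page itself must stay reachable without a session.
PUBLIC_PAGES = {"default.asp"}

def guard_status(source):
    """Return 'ok', 'missing', or 'late' (guard placed after first input/output)."""
    guards = [m.start() for p in GUARD_PATTERNS for m in [p.search(source)] if m]
    if not guards:
        return "missing"
    action = ACTION.search(source)
    if action and action.start() < min(guards):
        return "late"
    return "ok"

def audit_admin_dir(admin_dir):
    """Map each non-public .asp page under admin_dir to its guard problem."""
    findings = {}
    for path in sorted(Path(admin_dir).rglob("*.asp")):
        if path.name.lower() in PUBLIC_PAGES:
            continue
        status = guard_status(path.read_text(encoding="latin-1"))
        if status != "ok":
            findings[path.relative_to(admin_dir).as_posix()] = status
    return findings

def build_sample_tree(root):
    """Constructed sample pages for the demo; not the real application source."""
    admin = Path(root) / "admin"
    admin.mkdir()
    (admin / "default.asp").write_text('<form method="post">login</form>')
    (admin / "edit.asp").write_text('<% id = Request.QueryString("iPic") %>\n<html>edit</html>')
    (admin / "delete.asp").write_text(
        '<% id = Request("iPic")\nIf Session("admin") <> True Then Response.Redirect "default.asp" %>')
    (admin / "add.asp").write_text(
        '<!-- #include file="auth_check.asp" -->\n<% name = Request.Form("name") %>')
    return admin

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_admin_dir(build_sample_tree(tmp))

if __name__ == "__main__":
    for page, status in demo().items():
        print(f"{page}: guard {status}")
```

The pattern match is a heuristic: a page reported as `ok` still needs a manual read to confirm the check actually stops execution for unauthenticated requests.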