Hi Everybody! Application : DUgallery 3.0 Risk : High Risk Connecting : Remote Admin Normally, DUGallery 3.0 Admin Pannel is : http://*******.Com/Accessories/admin/default.asp But We Can Connect Admin Pannel (No UserName and No PassWord) this page ; http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID] We Can Connect (Direct) Admin Pannel On this page and we can include script, index, etc... Everything... How can close this bug ? Very easy, if we add an acces on this page (UserName and Password Control) , we can close this bug... Credit : SPYMETA www.ProWebLine.Org ProWebLine Information Security Technology / ProWebLine Organization
