Hi Everybody!

Application : DUgallery 3.0
Risk        : High Risk
Connecting  : Remote Admin

Normally, DUGallery 3.0 Admin Pannel is :

http://*******.Com/Accessories/admin/default.asp

But We Can Connect Admin Pannel (No UserName and No PassWord) this page ;

http://******.Com/Accessories/admin/edit.asp?iPic=[PictureID]

We Can Connect (Direct) Admin Pannel On this page and we can include script,
index, etc... Everything...

How can close this bug ?

Very easy, if we add an acces on this page (UserName and Password Control) ,
we can close this bug...

Credit : SPYMETA

www.ProWebLine.Org

ProWebLine Information Security Technology / ProWebLine Organization