intitle:"album permissions" "Users who can modify photos" "EVERYBODY"

GHDB-ID:

264

Author:

anonymous

Google Dork Description:

intitle:"album permissions" "Users who can modify photos" "EVERYBODY"

Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. Even if not "everybody" has modify rights, an attacker can do a search for "users who can see the album" to retrieve valid usernames for the gallery.