|Google Dork Description: intitle:"album permissions" "Users who can modify photos" "EVERYBODY"||GHDB-ID: 264|
|Google Search: intitle:"album permissions" "Users who can modify photos" "EVERYBODY"||EDB-ID: N/A|
Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. Even if not "everybody" has modify rights, an attacker can do a search for "users who can see the album" to retrieve valid usernames for the gallery.