intitle:"album permissions" "Users who can modify photos" "EVERYBODY"

Google dork Description: intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
Google search: intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
Submited: 2004-06-02
Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. Even if not "everybody" has modify rights, an attacker can do a search for "users who can see the album" to retrieve valid usernames for the gallery.