bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/17250.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

26 lines
No EOL
802 B
Text
Raw Blame History

# Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure
# Google Dork: inurl:phpThumb.php
# Date: 06/05/2011
# Author: mook
# Software Link: http://phpthumb.sourceforge.net/#download
# Version: 1.7.9
# Tested on: linux
Vulnerability:
Information disclosure which includes absolute system paths, os
flavour, application configuration information and other installed
application versions.
The vulnerability can be triggered by appending 'phpThumbDebug=" and
any number from 0 to 10 to any phpThumb.php request. e.g:
The response will be an image render of the debug information.
Remediation:
The responsible code can be found in phpThumb.php itself by changing
the default "$PHPTHUMB_CONFIG['disable_debug'] = false;" to
"$PHPTHUMB_CONFIG['disable_debug'] = true;".
Reference in a new issue View git blame Copy permalink