# Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure
# Google Dork: inurl:phpThumb.php
# Date: 06/05/2011
# Author: mook
# Software Link: http://phpthumb.sourceforge.net/#download
# Version: 1.7.9
# Tested on: linux

Vulnerability:

Information disclosure which includes absolute system paths, OS flavour, application configuration information and other installed application versions.

The vulnerability can be triggered by appending 'phpThumbDebug=' and any number from 0 to 10 to any phpThumb.php request.

e.g:

The response will be an image render of the debug information.

Remediation:

The responsible code can be found in phpThumb.php itself: change the default "$PHPTHUMB_CONFIG['disable_debug'] = false;" to "$PHPTHUMB_CONFIG['disable_debug'] = true;".
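As an added defender-side example (not part of the advisory), the script below checks a phpThumb.php source for the disable_debug setting described in the remediation and scans web server access logs for phpThumb.php requests carrying the phpThumbDebug parameter. The log lines and config fragments are constructed samples; the Apache combined log format is assumed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/May/2011:10:15:02 +0000] "GET /phpThumb.php?src=images/a.jpg&w=100 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [06/May/2011:10:15:07 +0000] "GET /phpThumb.php?src=images/a.jpg&phpThumbDebug=9 HTTP/1.1" 200 40211 "-" "curl/7.21"
198.51.100.2 - - [06/May/2011:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [06/May/2011:10:16:30 +0000] "GET /gallery/phpThumb.php?phpThumbDebug=0&src=b.png HTTP/1.1" 200 39870 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Matches the setting line quoted in the advisory, tolerating spacing/case variants.
DISABLE_DEBUG_RE = re.compile(
    r"\$PHPTHUMB_CONFIG\s*\[\s*['\"]disable_debug['\"]\s*\]\s*=\s*(true|false)\s*;",
    re.IGNORECASE,
)

def is_debug_request(target: str) -> bool:
    """True if the request targets phpThumb.php and carries a phpThumbDebug parameter."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/phpthumb.php"):
        return False
    # keep_blank_values so an empty 'phpThumbDebug=' is still flagged.
    return "phpThumbDebug" in parse_qs(parts.query, keep_blank_values=True)

def find_debug_requests(log_text: str):
    """Return (ip, target, status) for every log line that requests debug output."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_debug_request(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), m.group("status")))
    return hits

def debug_disabled(config_source: str) -> bool:
    """True only if phpThumb's disable_debug is explicitly set to true in the source."""
    m = DISABLE_DEBUG_RE.search(config_source)
    return bool(m) and m.group(1).lower() == "true"

if __name__ == "__main__":
    for ip, target, status in find_debug_requests(SAMPLE_LOG):
        print(f"debug request from {ip}: {target} (HTTP {status})")
```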