CVE-2006-1412
TFT Gallery 0.10 - Unauthenticated Sensitive Information Exposure via Direct Request
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1412. PoCs published by undefined1_.
AI-analyzed exploit summary: This exploit targets an information disclosure vulnerability in tftgallery 0.10 by retrieving the admin password hash via an HTTP request to the '/admin/passwd' endpoint. It then checks if the password is the default 'admin' or suggests using John the Ripper for cracking.
Description
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.