Pivotx TimThumb Remote Code Execution Vuln

[o] PivotX <= Remote Code Execution Vulnerability

Software : PivotX ver 2.2.6
Vendor : http://pivotx.net/
Original Author : MaXe [ http://www.exploit-db.com/exploits/17602/ ]



[o] Vulnerability

pivotx/includes/timthumb.php



[o] Exploit

http://localhost/pivotx/includes/timthumb.php?src=[RCE]
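The request shape above is all a defender needs to look for in web server logs. The following Python scanner is an added example, not part of the original advisory: it parses combined-format access log lines, picks out every request to the vulnerable script, extracts the src parameter, and flags values that carry a URL scheme or a scheme-relative "//" prefix for review. The log format, the constructed sample lines, the default "/pivotx/" install prefix and the "URL-shaped src is worth a look" heuristic are all assumptions made here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log style line: client, identd, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Script path from the advisory. Only the file name and its parent directory are
# matched, because the "/pivotx/" prefix is the default install location and is
# an assumption here (an installation may live under another directory).
VULN_PATH = "/includes/timthumb.php"

# Heuristic (assumption, not from the advisory): a src value that starts with a
# URL scheme or a scheme-relative "//" is not a plain local image path.
URL_SHAPED = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.I)

# Constructed sample log lines for the example; addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] '
    '"GET /pivotx/includes/timthumb.php?src=images/cover.jpg&w=100 HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Oct/2012:13:56:01 +0000] '
    '"GET /pivotx/includes/timthumb.php?src=http%3A%2F%2Fexample.net%2Fimage.jpg HTTP/1.1" 200 812',
    '198.51.100.9 - - [10/Oct/2012:13:56:20 +0000] '
    '"GET /pivotx/index.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Oct/2012:13:57:11 +0000] '
    '"POST /pivotx/includes/timthumb.php HTTP/1.1" 404 0',
]


def classify(line):
    """Return a record for a request to the vulnerable script, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes values, so an encoded "http%3A%2F%2F" comes back as "http://"
    qs = parse_qs(parts.query, keep_blank_values=True)
    src_values = qs.get("src", [])
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "path": parts.path,
        "src": src_values,
        "remote_src": any(URL_SHAPED.match(v) for v in src_values),
    }


def scan(lines):
    """Every request to timthumb.php, whatever its src, is worth an entry."""
    return [h for h in (classify(l) for l in lines) if h is not None]


def suspicious(hits):
    """Narrow to requests whose src looks like a URL rather than a local path."""
    return [h for h in hits if h["remote_src"]]


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        flag = "REVIEW" if h["remote_src"] else "ok"
        print(f'{flag:6} {h["ip"]} {h["ts"]} {h["method"]} {h["path"]} src={h["src"]} status={h["status"]}')
```

Run it against a real log by replacing SAMPLE_LOG with the file's lines; a non-404 response to a request whose src is URL-shaped is the entry to escalate, while the plain-path hits give a baseline of normal thumbnail traffic.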



[o] Fix

Upgrade to the new version (2.3.0)