Coppermine Photo Gallery File Upload Vulnerability

2016.07.06
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################
# Exploit Title : Coppermine Photo Gallery File Upload Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://coppermine-gallery.net/
# Google Dork : intext:"Powered by Coppermine Photo Gallery" intitle:Upload file
# Date: 2016/07/04
# Tested On : Kali Linux w3af / Windows 8.1
# Version : All Versions
######################
#
# Description Upload File:
#
# This CMS has a file upload vulnerability.
# We can upload our text files to our target.
# Normally the site management must approve files before the CMS displays them,
# but we bypass this check and our own files are displayed.
# You can see the files in this directory yourself.
# Directory:
# site.com/Patch/albums/userpics/FileName.txt (jpg, png, gif, asf, asx, pdf, wav, txt, mid and ...)
#
# OK, go to test it:
# First, search the Google dork and select a target.
# Our target:
# http://www.columbiaky.com/gallery/upload.php
# Select a gallery and upload our text file with ADS name.
# OK, our file is uploaded :)
# Now, to see the file, take the address of a photo from the gallery, place it in the browser,
# and give the file name in the following directory:
# site.com/Patch//albums/userpics/FileName.txt
# The file that was uploaded on this site is in this section:
# http://www.columbiaky.com/gallery/albums/userpics/A.txt
#
######################
# discovered by : faithful
######################


Copyright 2024, cxsecurity.com