Coppermine Photo Gallery init.inc.php lang Variable Local File Inclusion

2006-02-17T05:47:38
ID OSVDB:23346
Type osvdb
Reporter OSVDB
Modified 2006-02-17T05:47:38

Description

Vulnerability Description

Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to init.inc.php script not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a local system via the thumbnails.php script that contains arbitrary commands which will be executed by the vulnerable script.

Short Description

Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to init.inc.php script not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a local system via the thumbnails.php script that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[target]/[path]/thumbnails.php?lang=../albums/userpics/10002/shell.zip%00

References:

Vendor URL: http://coppermine-gallery.net/index.php Security Tracker: 1015646 Secunia Advisory ID:18941 Related OSVDB ID: 23347 Other Advisory URL: http://retrogod.altervista.org/cpg_143_adv.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0308.html FrSIRT Advisory: ADV-2006-0669 CVE-2006-0872 Bugtraq ID: 16718