Coppermine Photo Gallery index.php file Variable Traversal Arbitrary File Access

2006-04-14T08:02:36
ID OSVDB:24744
Type osvdb
Reporter OSVDB
Modified 2006-04-14T08:02:36

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://[target]/index.php?file=.//././/././/././/./[file]%00

References:

Vendor URL: http://coppermine.sourceforge.net/
Secunia Advisory ID: 19665
Other Advisory URL: http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0312.html
FrSIRT Advisory: ADV-2006-1392
CVE-2006-1909
Bugtraq ID: 17570