13 lines
No EOL
799 B
Text
13 lines
No EOL
799 B
Text
source: http://www.securityfocus.com/bid/7300/info
|
|
|
|
Coppermine Photo Gallery has been reported prone to PHP code injection attacks.
|
|
|
|
Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The attacker may craft it in such a way that PHP code execution will occur when the image is viewed.
|
|
|
|
This attack may result in arbitrary PHP code execution in the security context of the web server that is hosting the vulnerable application.
|
|
|
|
http://www.example.com/albums/userpics/Copperminer.jpg.php?[command]
|
|
|
|
Where command can be something like "id;uname%20-a" or "cat%20/etc/passwd"
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/22473.tar.gz |