 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
New advisory is out! |
 |
 Posted: Wed Jan 30, 2008 3:05 pm |
 |
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
 |
|
 |
|
|
|
|
|
| Posted: Wed Jan 30, 2008 4:44 pm |
|
|
| nox |
| Advanced user |
 |
|
| Joined: Dec 29, 2007 |
| Posts: 100 |
| Location: c://windows/system32 |
|
|
|
|
|
|
Nice work waraxe  |
|
_________________
..::::[ Waraxe.us is the BEST and the TOP ]::::.. |
|
|
|
| Posted: Sun Jun 15, 2008 2:57 am |
|
|
| Chedda |
| Active user |
 |
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
I realize this is a couple of months old, but I have found a website with an older version of coppermine and just testing out this vulnerability. I have uploaded the PoC provided, but when I click test it takes me to the vulnerable website and looks like this;
Am I missing something? I don't understand how this involves remote shell injection? Sorry ahead of time I am retarded. |
|
|
|
|
|
|
|
|
| Posted: Sun Jun 15, 2008 10:02 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
After your test try this:
http://www.***.com/gallery/include/secret.txt
If you see database credentials from config file, then PoC worked.
If no file exist, then probably target is using GD, not Imagemagik and therefore exploit will not work.
And by the way, if your goal is to test my advisory, then why don't you use localhost? Install apache/mysql/php/coppermine, activate Imagemagic and try @ localhost. This exploit is tested against linux and windows servers and it is working as expected, you can believe my words  |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 16, 2008 9:26 pm |
|
|
| NiLTiMi |
| Beginner |
|
|
| Joined: Sep 17, 2008 |
| Posts: 1 |
|
|
|
|
|
|
|
| waraxe wrote: | After your test try this:
http://www.***.com/gallery/include/secret.txt
If you see database credentials from config file, then PoC worked.
If no file exist, then probably target is using GD, not Imagemagik and therefore exploit will not work.
And by the way, if your goal is to test my advisory, then why don't you use localhost? Install apache/mysql/php/coppermine, activate Imagemagic and try @ localhost. This exploit is tested against linux and windows servers and it is working as expected, you can believe my words |
It's working bro...and i got some information of thr server databse.Like-
<?php
define ( 'SILLY_SAFE_MODE' , 1 ) ;
$CONFIG['dbserver'] = 'localhost' ;
$CONFIG['dbuser' ] = 'xxxxxxx' ;
$CONFIG['dbpass' ] = 'xxxxxxx' ;
$CONFIG['dbname' ] = 'daaa0004_copp1' ;
$CONFIG['TABLE_PREFIX'] = 'cpg_' ;
?>
Im know very little about these.So what can i do with this Username n Password?can i login with these in their database server?(I tried to login in login page but not working.(then how?Please give a little hint .Thanks a lot Warex.U Rokzzzzz |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 16, 2008 10:11 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
I can see some possibilities:
1. Run portscan against TCP port 3306 at target server. If it's open, then maybe you can manipulate that mysql database remotely.
2. Search for phpmyadmin interface at target server. Usually log in credentials for PMA are this same database credentials 
And by the way, you have allready remote shell command execution possibilities in target server!! Be creative |
|
|
|
|
www.waraxe.us Forum Index -> Coppermine Photo Gallery
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 219
Members: 0
Total: 219
