imei Addmimistrator’s BugBlog

imei’s security Advisories and researches

——-Summary——-
Software: CPG Coppermine Photo Gallery
Software’s Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Medium-High
——-Description——-
There is a security flaw in Coppermine Photo Gallery, one of the popular photo galleries on the Internet, that allows an attacker to perform an SQL injection attack. Because the gallery trusts user-supplied data (the User-Agent and the referrer URL), which can contain quotation marks, malicious people can execute SQL commands in the process of viewing a picture, or probably in other processes that the gallery provides.
——-See Also——-
include/function.inc.php
function add_hit;
$query = "INSERT INTO {$CONFIG['TABLE_HIT_STATS']}
SET
pid = $pid,
search_phrase = '$query_term',
Ip = '$_SERVER[REMOTE_ADDR]',
sdate = '$time',
referer='$_SERVER[HTTP_REFERER]',
browser = '$browser',
os = '$os'";
cpg_db_query($query);
Both of the marked lines (referer and browser) can be exploited.
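One way to close the hole in the add_hit() query above, shown as an added example that is not Coppermine's code or the author's: the same INSERT written with bound parameters, so the referer and browser values never become part of the SQL text. PDO with an in-memory SQLite database stands in for the gallery's database layer, and the table name cpg_hit_stats, the function add_hit_safe() and the sample header values are constructed assumptions.

```php
<?php
// Added example, not Coppermine code. PDO + in-memory SQLite stand in for the
// gallery's database layer; cpg_hit_stats and add_hit_safe() are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cpg_hit_stats (
    pid INTEGER, search_phrase TEXT, ip TEXT, sdate INTEGER,
    referer TEXT, browser TEXT, os TEXT)');

function add_hit_safe(PDO $db, $pid, array $server, string $browser, string $os, string $term = ''): void
{
    // Placeholders keep every value, including header text, out of the SQL string.
    $stmt = $db->prepare('INSERT INTO cpg_hit_stats
        (pid, search_phrase, ip, sdate, referer, browser, os)
        VALUES (:pid, :term, :ip, :sdate, :referer, :browser, :os)');
    $stmt->execute([
        ':pid'     => (int) $pid,   // numeric field: cast instead of interpolating
        ':term'    => $term,
        ':ip'      => $server['REMOTE_ADDR'] ?? '',
        ':sdate'   => time(),
        // Client-controlled headers: bound as data and capped in length.
        ':referer' => substr($server['HTTP_REFERER'] ?? '', 0, 255),
        ':browser' => substr($browser, 0, 255),
        ':os'      => substr($os, 0, 50),
    ]);
}

// Constructed request data: header values that contain quote characters.
$server = [
    'REMOTE_ADDR'     => '192.0.2.10',
    'HTTP_REFERER'    => "http://example.test/?q='x",
    'HTTP_USER_AGENT' => "Mozilla/5.0 ' quoted text",
];
// Assumption: the raw User-Agent is passed through as $browser.
add_hit_safe($db, '42', $server, $server['HTTP_USER_AGENT'], 'Unknown');

$row = $db->query('SELECT pid, referer, browser FROM cpg_hit_stats')
          ->fetch(PDO::FETCH_ASSOC);
// Compare what was stored with the raw header value, and count the rows written.
var_dump($row['browser'] === $server['HTTP_USER_AGENT']);
var_dump((int) $db->query('SELECT COUNT(*) FROM cpg_hit_stats')->fetchColumn());
```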
——-Conditions——-
$CONFIG['hit_details'] must be true (see the gallery settings in the admin area).
——-Exploit——-
GET /cpg/displayimage.php?album=random&cat=0&pos=-{Not Viewed Image ID} HTTP/1.1
Host: O_O
User-Agent: 'sql commands
Keep-Alive: 300
Cookie: valid login
——-Credit——–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
imei(4}Kapda(O}IR
www.myimei.com
myimei.com/security

12 Responses to “CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack”

    Master, be sure to tell us about these advisories beforehand so we can put them up on Kapda right away. I didn't understand what you meant there. Bye.

    Roger, sir. But I did it :D You didn't notice :p. np btw

    http://secunia.com/advisories/20597/

    More or less nothing seems worth doing, but oh well.
    I just don’t have anything to say now.

    Hi,
    Very very nice site!
    And please visit my forum :)

    I feel like a complete blank.
    That’s how it is.
    I can’t be bothered with anything recently.

    Hello!
    Excellent site, but most of messages here are not related to its contents…

    This webpage loads very fast
    What hosting provider do you use?

    Greetings!
    Undoubtedly, you will reach big success with your site.
