Input passed to the 'css' parameter of '/docs/showdoc.php' in Coppermine Photo Gallery is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Credit:
The information has been provided by Gerendi Sandor Attila.
The original article can be found at: http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html
Vulnerable Systems:
* Coppermine Photo Gallery version 1.4.21 and earlier
Immune Systems:
* Coppermine Photo Gallery version 1.4.22 and later
Vendor Response:
Users running versions prior to 1.4.22 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.
For those who want to apply the vulnerability fix manually to their Coppermine installation, open docs/showdoc.php and replace:
Code:
// harden against expolits: check the requested vars, replace illegal chars
$file = stripslashes($file);
$forbidden_chars = array("..", "/", "%", "<", ">", "$", "'", '"');
$file = str_replace($forbidden_chars, '', $file);
with the following lines:
Code:
// harden against expolits: check the requested vars, replace illegal chars
$file = stripslashes($file);
$forbidden_chars = array("..", "/", "%", "<", ">", "$", "'", '"');
$file = str_replace($forbidden_chars, '', $file);
$add_stylesheet = str_replace($forbidden_chars, '', $add_stylesheet);
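The following is an added illustration, not Coppermine's code and not part of the vendor's patch. It places the denylist filter from the fix above (applied to the css parameter, which the patch holds in $add_stylesheet) next to two stricter alternatives a maintainer would normally layer on top of it: an allowlist check that rejects anything that is not a plain stylesheet name, and HTML attribute encoding at the point where the value is written into the page. The function names, the allowed-character pattern and the sample inputs are assumptions made for this example.

```php
<?php
// Added example, not Coppermine's own code. Names and the allowlist
// pattern below are illustrative assumptions.

// Denylist filter in the style of the 1.4.22 fix: strip path and markup
// characters. Note that str_replace() with an array works sequentially,
// so a denylist like this is order-sensitive and hard to reason about.
function cpg_denylist_filter(string $value): string {
    $value = stripslashes($value);
    $forbidden_chars = array("..", "/", "%", "<", ">", "$", "'", '"');
    return str_replace($forbidden_chars, '', $value);
}

// Allowlist alternative (assumption: a stylesheet name is 1-64 characters
// of letters, digits, dot, dash or underscore). Anything else is rejected
// outright rather than "cleaned".
function safe_stylesheet_name(string $value): ?string {
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $value)) {
        return null;
    }
    return $value;
}

// Output encoding: whatever survives the checks above is still encoded for
// the HTML attribute context it lands in, so a stray quote cannot end the
// attribute.
function render_stylesheet_link(string $name): string {
    $encoded = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return '<link rel="stylesheet" href="' . $encoded . '.css">';
}

// Constructed sample inputs: a normal name, one with an embedded quote, one
// with a tag, and one with a path traversal prefix.
$samples = array('classic', 'blue"theme', 'a<b>c', '../hidden');

foreach ($samples as $css) {
    $filtered = cpg_denylist_filter($css);
    $allowed  = safe_stylesheet_name($css);
    printf("input:      %s\n", $css);
    printf("  denylist: %s\n", $filtered);
    printf("  allowlist: %s\n", $allowed ?? '(rejected)');
    printf("  rendered: %s\n\n", render_stylesheet_link($filtered));
}
```

Run with `php example.php`. The point of the three layers is that the denylist alone only removes characters it happens to know about, the allowlist turns the problem around by stating what a valid value looks like, and htmlspecialchars() guarantees the attribute context regardless of what the earlier steps let through.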