
Topic: Coppermine-driven galleries hit by RAR exploit

AndrewRH

Re: Coppermine-driven galleries hit by RAR exploit
« Reply #20 on: December 01, 2006, 11:47:21 am »

I followed the suggestion to contact my ISP regarding this vulnerability. After convincing them it was not a purely Coppermine issue (prior to 1.4.6), this is what they had to say:

>You're correct in stating that files with the .php.rar extension are
>parsed as PHP files, and that your site's visitors can upload such files
>to your webspace through a script, and have these files executed as PHP.
>
>This is not a vulnerability on our part. If you allow users to upload
>files via a script, they can also upload regular .php files as well and
>have them executed. Furthermore, you can control the MIME types of your
>files via a .htaccess file to prevent this.
~Andrew~
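
An added example, not part of the original posts or of Coppermine's code: an audit helper for the behaviour the ISP describes, where a name such as `.php.rar` is still parsed as PHP because the server considers every extension in the name. The extension set, function names and sample names are assumptions made for illustration; match the set to what your own server maps to PHP.

```python
import os

# Assumption: extensions your server maps to the PHP handler. Adjust as needed.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def php_segments(filename):
    """Return every PHP-mapped extension found anywhere in the file name.

    Checking only the last extension misses names like 'x.php.rar', so every
    dot-separated segment after the stem is inspected, case-insensitively.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    # parts[0] is the stem; everything after it counts as an extension.
    return [p for p in parts[1:] if p.strip() in PHP_EXTENSIONS]


def is_risky_upload(filename):
    """True if the name should be rejected or renamed before it is stored."""
    return bool(php_segments(filename))


def audit_tree(root):
    """Walk an existing upload directory and list files with risky names."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_risky_upload(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


# Constructed sample names, not taken from any real gallery.
SAMPLE_NAMES = [
    "holiday.jpg",
    "album.rar",
    "upload.php.rar",
    "Picture.PHP.JPG",
    "php.jpg",
    "notes.phtml",
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        verdict = "REJECT" if is_risky_upload(name) else "ok"
        print(f"{verdict:6} {name}")
```

The same check fits both the upload script (before the file is written) and a periodic sweep of the upload directory with `audit_tree`.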

Joachim Müller

Re: Coppermine-driven galleries hit by RAR exploit
« Reply #21 on: December 02, 2006, 08:07:41 am »

This has long been fixed, do as we suggest and upgrade. It doesn't make sense to argue about outdated versions. Locking.