
Author Topic: MALWARE removal  (Read 2254 times)

allvip

MALWARE removal
« on: March 31, 2014, 11:44:33 am »

6Scan suggested to add a code for every malware found to thumbnails.php and displayimage.php to manually fix the malware.

Did I do it the right way? Is the malware still on my gallery?

allvip

Re: MALWARE removal
« Reply #1 on: March 31, 2014, 12:11:50 pm »

I asked the host to reset my account to the way it was before I signed up with them.
I have the gallery on my PC with the files from when everything was fine. I will reupload.

gmc

  • Dev Team member
Re: MALWARE removal
« Reply #2 on: March 31, 2014, 01:44:24 pm »


For these 'vulnerabilities', 6Scan isn't seeing Coppermine's use of Inspekt, which is used to sanitize all input from $_REQUEST variables (includes $_GET, $_POST, etc.).

The suggested change won't hurt, but the contents of $_GET['cat'] are validated by calls to Inspekt.
See the usage of 'supercage' and validations like 'getINT' that ensure the variable contains only an integer (and not SQL injection...).

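The pattern described in the reply above, as an added example that is not part of the thread and is not Coppermine's or Inspekt's own code: request input is only reachable through a wrapper whose integer accessor returns an `int`, so nothing but a number can reach the query. The `InputCage` class, the table and column names, and the sample requests are constructed for illustration.

```php
<?php
// Added illustration of the "caged input" pattern. InputCage is a
// hypothetical stand-in, not the Inspekt library's implementation.
final class InputCage
{
    private array $source;

    public function __construct(array $source)
    {
        $this->source = $source;
    }

    // Integer accessor: whatever was submitted, the caller receives an int.
    // Arrays and missing keys collapse to 0; strings are cast, so any
    // trailing non-numeric text is discarded.
    public function getInt(string $key): int
    {
        $value = $this->source[$key] ?? 0;
        return is_scalar($value) ? (int) $value : 0;
    }
}

// Constructed sample requests standing in for $_GET.
$requests = [
    ['cat' => '5'],          // normal request
    ['cat' => '5 OR 1=1'],   // the kind of value a scanner submits
    ['cat' => ['5']],        // array where a scalar is expected
    [],                      // parameter missing
];

foreach ($requests as $get) {
    $cage = new InputCage($get);
    $cat  = $cage->getInt('cat');

    // Only the integer is placed in the statement (hypothetical table name).
    $sql = sprintf('SELECT name FROM categories WHERE cid = %d', $cat);

    printf("%-22s => %s\n", json_encode($get), $sql);
}
```

A scanner that only observes a `cat` parameter in the URL cannot see this narrowing on the server side, which is why it reports the parameter regardless.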
Αndré

  • Administrator
Re: MALWARE removal
« Reply #3 on: March 31, 2014, 02:42:18 pm »

I don't recommend using websites that just list each parameter they can find as a possible vulnerability. Cheeky way to earn money IMHO.