forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: LACA Rio on July 06, 2006, 07:16:36 pm

Title: Hacker on my Gallery
Post by: LACA Rio on July 06, 2006, 07:16:36 pm

Hi,

How some hackers can include private albums in my gallery (1.3.5) if theres is no permission for that in the configuration setup?

thanks,

Luiz

Title: Re: Hacker on my Gallery
Post by: Nibbler on July 06, 2006, 07:24:25 pm

What do you mean by 'include' ?

Title: Re: Hacker on my Gallery
Post by: Sami on July 06, 2006, 07:27:13 pm

check your gallery for xxx.php.rar files
he probable inject a shell to his/her personal gallery or one of public gallery and then ...

Title: Re: Hacker on my Gallery
Post by: LACA Rio on July 07, 2006, 07:57:54 pm

Thanks for help me.

Unfortunely, I have already been deleted the member...
He was registered on my gallery and (I don't know how) he post a personal and empty album.

Regards,

Luiz

Title: Re: Hacker on my Gallery
Post by: Joachim Müller on July 08, 2006, 09:33:01 am

To finally make sure that your gallery is safe against the rar vulnerability, upgrade to the most recent version of the cpg1.4.x series (currently cpg1.4.8). Make sure to edit the allowed document file types as suggested in the announcement thread.

Title: Re: Hacker on my Gallery
Post by: LACA Rio on July 08, 2006, 07:07:25 pm

Nice to hear from you Gaugau,

The guy upload a folder (chase) in the "albums/edit" folder of my gallery and then use it to make phishing.
Now, I upgraded to cpg 1.4.x series.

Regards,

Luiz