forum.coppermine-gallery.net
Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: LACA Rio on July 06, 2006, 07:16:36 pm
-
Hi,
How some hackers can include private albums in my gallery (1.3.5) if theres is no permission for that in the configuration setup?
thanks,
Luiz
-
What do you mean by 'include' ?
-
check your gallery for xxx.php.rar files
he probable inject a shell to his/her personal gallery or one of public gallery and then ...
-
Thanks for help me.
Unfortunely, I have already been deleted the member...
He was registered on my gallery and (I don't know how) he post a personal and empty album.
Regards,
Luiz
-
To finally make sure that your gallery is safe against the rar vulnerability, upgrade to the most recent version of the cpg1.4.x series (currently cpg1.4.8). Make sure to edit the allowed document file types as suggested in the announcement thread.
-
Nice to hear from you Gaugau,
The guy upload a folder (chase) in the "albums/edit" folder of my gallery and then use it to make phishing.
Now, I upgraded to cpg 1.4.x series.
Regards,
Luiz