forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 upload => Topic started by: derperle on October 29, 2006, 06:08:22 pm
-
Some one with the name Jolicoeur has uploaded a File with the name sanyo_php.rar
Here is a link to the File: http://erwischt.er.funpic.de/cpg132/blabla.txt (http://erwischt.er.funpic.de/cpg132/blabla.txt)
Can Someone tell me what this file do and if my gallery is hacked ????
Please!!!!!!!!!!!!!!!!!!!!!1
-
Your gallery appears to be gone. I expect you were running an outdated version of Coppermine.
-
I've the Last Coppermine Version.
1.4.9
I've delete the File. What else can do. The File are in the EDIT folder and i dont give the permission to add the File in my Gallery.
Now i forbid tho upload of rar files
But is there any danger for my gallery???
-
It looks like your gallery is gone, though, isn't it?
-
Security release cpg1.4.10 - upgrade mandatory (http://forum.coppermine-gallery.net/index.php?topic=37895.0)
-
No.
My gallery is still running. But thanks for the Copppermine Security Update.
But if you check google with the keyword sanyo_php you see some gallerys wich are infected
http://www.google.de/search?q=sanyo_php&start=0&ie=utf-8&oe=utf-8&meta=lr%3Dlang_de&client=firefox-a&rls=org.mozilla:de:official (http://www.google.de/search?q=sanyo_php&start=0&ie=utf-8&oe=utf-8&meta=lr%3Dlang_de&client=firefox-a&rls=org.mozilla:de:official)
Here is my gallery: http://erwischtorg.h759617.serverkompetenz.net/cpg132/index.php (http://erwischtorg.h759617.serverkompetenz.net/cpg132/index.php)
It seems like everything is OK....
-
We're aware of this, but how should we cure those sites? Hopefully, the people who run those sites will return to coppermine's homepage and apply the fix and review security on their site.
As with nearly all similar vulnerabilities, we're not too keen to discuss details about the exploits publicly, as it would give script kiddies an idea what to do to launch attacks against unpatched galleries.
Marking thread as "solved"