forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: allvip on March 31, 2014, 11:44:33 am

Title: MALWARE removal
Post by: allvip on March 31, 2014, 11:44:33 am
6Scan suggested adding code for every malware found to thumbnails.php and displayimage.php to manually fix the malware.

Did I do it the right way? Is the malware still on my gallery?
Title: Re: MALWARE removal
Post by: allvip on March 31, 2014, 12:11:50 pm
I asked the host to reset my account to the way it was before I signed up with them.
I have the gallery on my PC with the files from when everything was fine. I will reupload.
Title: Re: MALWARE removal
Post by: gmc on March 31, 2014, 01:44:24 pm

For these 'vulnerabilities', 6Scan isn't seeing Coppermine's use of Inspekt - which is used to sanitize all input from $_REQUEST variables (includes $_GET, $_POST, etc...).

The suggested change won't hurt, but the contents of $_GET['cat'] are validated by calls to Inspekt.
See the usage of 'supercage' and validations like 'getINT' that ensure the variable contains only an integer (and not SQL injection....)
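
The point in the reply above, as an added example that is not part of the original thread and is not Coppermine's or Inspekt's own code: once a request value can only be read through an integer accessor, the strings a scanner submits in `cat` never reach the SQL text. The `InputCage` class, its method names, and the `categories`/`cid` names are assumptions made for this sketch, and the sample requests are constructed.

```php
<?php
// Added illustration; InputCage is a hypothetical stand-in, not Inspekt's code.
final class InputCage
{
    private array $source;

    public function __construct(array $source)
    {
        $this->source = $source;   // raw values are reachable only via accessors
    }

    public function keyExists(string $key): bool
    {
        return array_key_exists($key, $this->source);
    }

    // Cast-style accessor: whatever was sent, the caller receives an int.
    public function getInt(string $key): int
    {
        $value = $this->source[$key] ?? 0;
        return is_scalar($value) ? (int) $value : 0;
    }

    // Stricter variant: null unless the value consists only of decimal digits.
    public function strictInt(string $key): ?int
    {
        $value = $this->source[$key] ?? null;
        return (is_string($value) && ctype_digit($value)) ? (int) $value : null;
    }
}

// Constructed sample requests, including the kind of value a scanner submits.
$samples = [
    ['cat' => '12'],
    ['cat' => "12' OR '1'='1"],
    ['cat' => '12 UNION SELECT 1'],
    ['cat' => ['nested']],
    [],
];

foreach ($samples as $rawGet) {
    $cage = new InputCage($rawGet);
    $cat  = $cage->getInt('cat');
    // Only an integer is formatted into the query, so no quote or keyword survives.
    $sql  = sprintf('SELECT name FROM categories WHERE cid = %d', $cat);
    printf("%-30s cast=%d strict=%s\n  %s\n", json_encode($rawGet), $cat,
        var_export($cage->strictInt('cat'), true), $sql);
}
```

The cast-style accessor silently turns a tampered value into its leading integer, while the strict variant lets the caller reject the request outright.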
Title: Re: MALWARE removal
Post by: Αndré on March 31, 2014, 02:42:18 pm
I don't recommend using websites that just list each parameter they can find as a possible vulnerability. Cheeky way to earn money IMHO.