forum.coppermine-gallery.net
Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: allvip on March 31, 2014, 11:44:33 am
-
6Scan suggested to add a code for every malware found to thumbnails.php and displayimage.php to manually fix the malware.
Did I do the right way?Is the malware still on my gallery?
-
I asked the host to reset my acoount the way it was before I sign up with them.
I have the gallery in my pc with the files when everything was fine.I will reupload.
-
For these 'vulnerabilities', 6scan isn't seeing Coppermine's use of Inspekt - which is used to sanitize all input from $_REQUEST variables (includes $_GET' $_POST, etc...)
The suggested change won't hurt, but the contents of $_GET['cat'] is validated by calls to Inspekt..
See the usage of 'supercage' and validations like 'getINT' that insure the variable contains only an integer (and not SQL injection....)
-
I don't recommend to use websites that just list each parameter they can find as possible vulnerability. Cheeky way to earn money IMHO.