Author Topic: Security hole  (Read 5068 times)


kapou

  • Coppermine newbie
  • Posts: 2
Security hole
« on: June 18, 2006, 12:42:02 pm »

Hi. I think there is a big security hole in your software. I received a fake PayPal e-mail linking to this URL: http://www.numbernineteen.co.uk/Coppermine/sql/cgi-bin/update/paypalsignup/onlineid-sessionload/sessiondid=2335454893_Secured152388884&Update/index.htm
... This page is on the website of a Coppermine user apparently and I don't think he is aware of what it is used for. If you can, you should try to inform him! jon.
« Last Edit: June 21, 2006, 04:57:51 pm by Paver »

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Security hole
« Reply #1 on: June 18, 2006, 12:55:09 pm »

This user's using an old version of Coppermine (1.3.2).
If he upgrades his server software with the same carefulness as he upgrades the Coppermine software, I'm sure there are some options for hackers uploading phishing sites. To hide that page deep in the directory structure is normal practice.

I've no clue at all how to whois a co.uk domain. So if someone could find out that guy's email addy and tell him about this phishing site (or his host), this'll be much appreciated.

kapou

  • Coppermine newbie
  • Posts: 2
Re: Security hole
« Reply #2 on: June 18, 2006, 12:58:47 pm »

> This user's using an old version of Coppermine (1.3.2).
> If he upgrades his server software with the same carefulness as he upgrades the Coppermine software, I'm sure there are some options for hackers uploading phishing sites. To hide that page deep in the directory structure is normal practice.
>
> I've no clue at all how to whois a co.uk domain. So if someone could find out that guy's email addy and tell him about this phishing site (or his host), this'll be much appreciated.

The British whois is at http://www.nic.uk/ but I'm afraid it's not very helpful; there is only the registrant's agent name (http://www.123-reg.co.uk)

Sami

  • VIP
  • Coppermine addict
  • ***
  • Gender: Male
  • Posts: 3686
  • BMossavari
    • My Project
Re: Security hole
« Reply #3 on: June 18, 2006, 01:01:58 pm »

He is using cpg 1.3.2 (an out-of-date version) and I think this is a dead gallery (not updated since August 2005).
Obviously they hacked it (the date of hack is 2006/06/07) and put cgi-bin there ...
« Last Edit: June 18, 2006, 01:26:08 pm by bmossavari »
‍I don't answer to PM with support question
Please post your issue to related board

Vargha

  • Coppermine frequent poster
  • ***
  • Gender: Male
  • Posts: 223
  • Persian Soldier
    • Rangarang
Re: Security hole
« Reply #4 on: June 18, 2006, 01:21:59 pm »

I tried looking for his email address with a whois lookup but it does not show.
How about sending an email to his host service http://www.123-reg.co.uk/support/contact.pl and asking them to find his email, then you can send an email to him and tell him what's going on.
Haalaa Boro Ye Chayi Vasam Dorost Kon Ta Man Ye Fekri Be Halet Bokonam ;) Ye Hendooneye Shotoriham Biyar Bizahmat :)
Visit My Site www.Rangarang.co.nr
Check Out My Gallery
www.Rangarang.co.nr/buddies

Sami

  • VIP
  • Coppermine addict
  • ***
  • Gender: Male
  • Posts: 3686
  • BMossavari
    • My Project
Re: Security hole
« Reply #5 on: June 18, 2006, 01:32:10 pm »

123-reg.co.uk is a domain registrar, not hosting.
Here is some info about that site:
IP address:                     66.36.240.151
Reverse DNS:                    66-36-240-151.orbital.synhost.net.
Reverse DNS authenticity:       [Verified]
ASN:                            14361
ASN Name:                       HOPONE-DCA
IP range connectivity:          2
Registrar (per ASN):            ARIN
Country (per IP registrar):     US [United States]
Country Currency:               USD [United States Dollars]
Country IP Range:               66.36.192.0 to 66.36.255.255
The site is hosted in the US.
I keep searching to find his/her real hosting ;)

Vargha

  • Coppermine frequent poster
  • ***
  • Gender: Male
  • Posts: 223
  • Persian Soldier
    • Rangarang
Re: Security hole
« Reply #6 on: June 21, 2006, 04:52:49 pm »

Don't worry about it, bmossavari.
His site has been suspended.