Topic: webadmin.php upload hack  (Read 6641 times)


nautis

  • Coppermine newbie
  • Posts: 3
webadmin.php upload hack
« on: June 26, 2006, 05:21:41 pm »

Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? If so, are there security measures in place to block this sort of activity? Thanks.

- Matthew

Justttt

  • Coppermine frequent poster
  • Gender: Male
  • Posts: 170
    • Trippy-ILLusion.Co.Uk
Re: webadmin.php upload hack
« Reply #1 on: June 26, 2006, 05:24:35 pm »

I don't think they would be able to hack by uploading a file in a .rar. Why don't you download the .rar and paste the code in here? Maybe someone can tell you what the file is  ::)
J U S T T T T

Tranz

  • Dev Team member
  • Coppermine addict
  • Gender: Female
  • Posts: 6149
Re: webadmin.php upload hack
« Reply #2 on: June 26, 2006, 05:25:49 pm »

Quote from nautis:
> Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? If so, are there security measures in place to block this sort of activity? Thanks.
>
> - Matthew

Yes. Please upgrade to 1.4.8. Search for any other backdoor files and remove them. Change your admin password.

Tranz

  • Dev Team member
  • Coppermine addict
  • Gender: Female
  • Posts: 6149
Re: webadmin.php upload hack
« Reply #3 on: June 26, 2006, 05:26:57 pm »

Quote from Justttt:
> I don't think they would be able to hack by uploading a file in a .rar. Why don't you download the .rar and paste the code in here? Maybe someone can tell you what the file is  ::)

Yes, they could. http://forum.coppermine-gallery.net/index.php?topic=31671.0

nautis

  • Coppermine newbie
  • Posts: 3
Re: webadmin.php upload hack
« Reply #4 on: June 27, 2006, 06:35:00 pm »

I had already upgraded to the latest version. I deleted the file, but you can find out more about it here: http://wacker-welt.de/webadmin/. Is there a way I can turn off uploading archives?

Nibbler

  • Guest
Re: webadmin.php upload hack
« Reply #5 on: June 27, 2006, 06:56:25 pm »

Set the allowed filetypes to whatever you like in config.
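
The advice in this thread (search for other backdoor files, and stop accepting archives) can be backed by a periodic check of the upload directory. The script below is an added example, not part of the original posts or of Coppermine's code; the directory to scan is passed as an argument, and the extension list and the 4 KiB read size are assumptions to adjust for your server.

```python
import os
import sys
import tempfile

# Extensions a PHP-enabled web server may execute (assumed list, extend as needed).
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# Leading bytes of common archive formats; the file name is not trusted.
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip"}


def classify(path):
    """Return the reasons an uploaded file deserves manual review (empty if none)."""
    reasons = []
    # Check every dotted part, so a double extension such as name.php.jpg is caught.
    parts = os.path.basename(path).lower().split(".")[1:]
    if any("." + p in SCRIPT_EXTS for p in parts):
        reasons.append("script extension in name")
    with open(path, "rb") as fh:
        head = fh.read(4096)
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            reasons.append(kind + " archive (contents not inspected)")
    if b"<?php" in head.lower():
        reasons.append("PHP open tag in first 4 KiB")
    return reasons


def scan_uploads(root):
    """Walk root and return {relative_path: reasons} for every flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # no path given: scan one constructed sample file
        with open(os.path.join(root, "pics.rar"), "wb") as fh:
            fh.write(b"Rar!\x1a\x07\x00constructed sample")
    for rel, why in sorted(scan_uploads(root).items()):
        print(rel + ": " + "; ".join(why))
```

Anything it reports still needs a human look before deletion, and a clean result does not replace upgrading and changing the admin password as advised above.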