Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: webadmin.php upload hack  (Read 7606 times)

0 Members and 1 Guest are viewing this topic.

nautis

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
webadmin.php upload hack
« on: June 26, 2006, 05:21:41 pm »

Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? if so, are there security messures in place to block this sort of activity? Thanks.

- Matthew
Logged

Justttt

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 170
    • Trippy-ILLusion.Co.Uk
Re: webadmin.php upload hack
« Reply #1 on: June 26, 2006, 05:24:35 pm »

i dont think they would be able to hack uploading a file in a .rar why dont you download the .rar  nd paste the code in here maybe someone can tell you what the file is  ::)
Logged
J U S T T T T

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: webadmin.php upload hack
« Reply #2 on: June 26, 2006, 05:25:49 pm »

Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? if so, are there security messures in place to block this sort of activity? Thanks.

- Matthew
Yes. Please upgrade to 1.4.8. Search for any other backdoor files and remove them. Change your admin password.
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: webadmin.php upload hack
« Reply #3 on: June 26, 2006, 05:26:57 pm »

i dont think they would be able to hack uploading a file in a .rar why dont you download the .rar  nd paste the code in here maybe someone can tell you what the file is  ::)
Yes, they could. http://forum.coppermine-gallery.net/index.php?topic=31671.0
Logged

nautis

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: webadmin.php upload hack
« Reply #4 on: June 27, 2006, 06:35:00 pm »

i had already upgraded to the latest version. i deleted the file, but you find out more about it here: http://wacker-welt.de/webadmin/. is there a way i can turn off uploading archives?
Logged

Nibbler

  • Guest
Re: webadmin.php upload hack
« Reply #5 on: June 27, 2006, 06:56:25 pm »

Set the allowed filetypes to whatever you like in config.
Logged
Pages: [1]   Go Up
 

Page created in 0.023 seconds with 19 queries.