Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Hacker on my Gallery  (Read 9431 times)

0 Members and 1 Guest are viewing this topic.

LACA Rio

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
  • I'd rather be diving
    • LACA
Hacker on my Gallery
« on: July 06, 2006, 07:16:36 pm »

Hi,

How some hackers can include private albums in my gallery (1.3.5) if theres is no permission for that in the configuration setup?

thanks,

Luiz
« Last Edit: July 09, 2006, 01:05:18 am by GauGau »
Logged
Luiz Araujo

Nibbler

  • Guest
Re: Hacker on my Gallery
« Reply #1 on: July 06, 2006, 07:24:25 pm »

What do you mean by 'include' ?
Logged

Sami

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 3686
  • BMossavari
    • My Project
Re: Hacker on my Gallery
« Reply #2 on: July 06, 2006, 07:27:13 pm »

check your gallery for xxx.php.rar files
he probable inject a shell to his/her personal gallery or one of public gallery and then ...
Logged
‍I don't answer to PM with support question
Please post your issue to related board

LACA Rio

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
  • I'd rather be diving
    • LACA
Re: Hacker on my Gallery
« Reply #3 on: July 07, 2006, 07:57:54 pm »

Thanks for help me.

Unfortunely, I have already been deleted the member...
He was registered on my gallery and (I don't know how) he post a personal and empty album.

Regards,

Luiz
Logged
Luiz Araujo

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Hacker on my Gallery
« Reply #4 on: July 08, 2006, 09:33:01 am »

To finally make sure that your gallery is safe against the rar vulnerability, upgrade to the most recent version of the cpg1.4.x series (currently cpg1.4.8). Make sure to edit the allowed document file types as suggested in the announcement thread.
Logged

LACA Rio

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
  • I'd rather be diving
    • LACA
Re: Hacker on my Gallery
« Reply #5 on: July 08, 2006, 07:07:25 pm »

Nice to hear from you Gaugau,

The guy upload a folder (chase) in the "albums/edit" folder of my gallery and then use it to make phishing.
Now, I upgraded to cpg 1.4.x series.

Regards,

Luiz
Logged
Luiz Araujo
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.