Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Hacker on my Gallery  (Read 10022 times)

0 Members and 1 Guest are viewing this topic.

LACA Rio

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
  • I'd rather be diving
    • LACA
Hacker on my Gallery
« on: July 06, 2006, 07:16:36 pm »

Hi,

How some hackers can include private albums in my gallery (1.3.5) if theres is no permission for that in the configuration setup?

thanks,

Luiz
« Last Edit: July 09, 2006, 01:05:18 am by GauGau »
Logged
Luiz Araujo

Nibbler

  • Guest
Re: Hacker on my Gallery
« Reply #1 on: July 06, 2006, 07:24:25 pm »

What do you mean by 'include' ?
Logged

Sami

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 3686
  • BMossavari
    • My Project
Re: Hacker on my Gallery
« Reply #2 on: July 06, 2006, 07:27:13 pm »

check your gallery for xxx.php.rar files
he probable inject a shell to his/her personal gallery or one of public gallery and then ...
Logged
‍I don't answer to PM with support question
Please post your issue to related board

LACA Rio

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
  • I'd rather be diving
    • LACA
Re: Hacker on my Gallery
« Reply #3 on: July 07, 2006, 07:57:54 pm »

Thanks for help me.

Unfortunely, I have already been deleted the member...
He was registered on my gallery and (I don't know how) he post a personal and empty album.

Regards,

Luiz
Logged
Luiz Araujo

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Hacker on my Gallery
« Reply #4 on: July 08, 2006, 09:33:01 am »

To finally make sure that your gallery is safe against the rar vulnerability, upgrade to the most recent version of the cpg1.4.x series (currently cpg1.4.8). Make sure to edit the allowed document file types as suggested in the announcement thread.
Logged

LACA Rio

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 28
  • I'd rather be diving
    • LACA
Re: Hacker on my Gallery
« Reply #5 on: July 08, 2006, 07:07:25 pm »

Nice to hear from you Gaugau,

The guy upload a folder (chase) in the "albums/edit" folder of my gallery and then use it to make phishing.
Now, I upgraded to cpg 1.4.x series.

Regards,

Luiz
Logged
Luiz Araujo
Pages: [1]   Go Up
 

Page created in 0.026 seconds with 20 queries.