
Author Topic: Malicious RAR  (Read 3436 times)


sunsuron

  • Coppermine newbie
  • Offline
  • Posts: 2
Malicious RAR
« on: July 19, 2007, 04:17:17 am »

Someone registered at my gallery and uploaded a RAR file. When I click it, Firefox shows this PHP code. I am not a programmer, but just as a precaution I changed my password immediately, banned the user and deleted the RAR file. Is there anything I should worry about, i.e. what is this PHP script capable of doing to ruin my gallery?

**EDIT** removed malicious script - Donnoman
« Last Edit: July 19, 2007, 04:50:38 am by donnoman »

donnoman

  • Dev Team member
  • Coppermine addict
  • Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Malicious RAR
« Reply #1 on: July 19, 2007, 04:58:43 am »

I removed the text of the script because we don't need to disclose the source here and enable other copycats. If they want it they can go get it from dedicated hacker sites.

This is not a vulnerability of Coppermine, it is a vulnerability because your host is using mod-mime for Apache. Discuss this with your host, and you should probably mail THEM the script so they can assess what damage was potentially done, to yours and to other sites hosted on the same server as yours.

You can prevent this in the future by carefully limiting which types of files you allow users to upload.

The safest configuration only allows .jpg and .gif files to be uploaded.

Please see the documentation link here for more information: http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#admin_picture_thumbnail


Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Malicious RAR
« Reply #2 on: July 19, 2007, 08:11:48 am »

As Donnoman suggested, this is a webserver vulnerability (or rather, a misdocumented feature). The so-called "rar" exploit has been taken care of some time ago. Coppermine renames all uploaded files by replacing all dots in file names (except the last one, which separates the actual file name from the extension). Make sure that you run the most recent Coppermine version to avoid such issues in the future.

Details can be found in the threads "Coppermine-driven galleries hit by RAR exploit" and "Maintenance release CPG1.4.6 protects against Apache's .rar vulnerability".
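The two defences described in this thread, an extension allowlist (donnoman's reply) and renaming uploads so that only the final dot survives (Joachim Müller's reply), as an added illustration that is not Coppermine's own code. It assumes a gallery whose admin allows only image extensions, and the sample file names are constructed; `photo.php.jpg` shows why the allowlist alone is not enough under Apache's mod_mime multiple-extension handling, and why the rename step matters.

```php
<?php
// Added example, not Coppermine's code. Demonstrates an upload-name
// allowlist plus the "keep only the last dot" rename that stops Apache
// mod_mime from treating a file such as "shell.php.rar" as a PHP script.

// Assumption: the gallery admin decided that only these extensions are allowed.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'gif', 'png'];

/**
 * Return the lower-cased extension (text after the last dot), or null if
 * the name has no usable extension.
 */
function upload_extension(string $name): ?string {
    $pos = strrpos($name, '.');
    if ($pos === false || $pos === strlen($name) - 1) {
        return null;
    }
    return strtolower(substr($name, $pos + 1));
}

/**
 * Keep only the last dot; replace every other dot with an underscore, so
 * "shell.php.rar" becomes "shell_php.rar" and no inner ".php" is left for
 * the web server to match.
 */
function neutralise_filename(string $name): string {
    $name = basename($name);            // strip any directory component
    $pos = strrpos($name, '.');
    if ($pos === false) {
        return $name;
    }
    $stem = substr($name, 0, $pos);
    $ext  = substr($name, $pos + 1);
    $stem = str_replace('.', '_', $stem);
    // Also collapse anything outside a conservative character set.
    $stem = preg_replace('/[^A-Za-z0-9_\-]/', '_', $stem);
    return $stem . '.' . $ext;
}

/**
 * Decide whether an upload may be stored, and under which name.
 * Returns the safe name, or null when the upload must be rejected.
 */
function accept_upload(string $originalName): ?string {
    $safe = neutralise_filename($originalName);
    $ext  = upload_extension($safe);
    if ($ext === null || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $safe;
}

// Constructed sample names, including the pattern discussed in the thread.
foreach (['holiday.jpg', 'shell.php.rar', 'photo.php.jpg', 'archive.rar'] as $n) {
    $result = accept_upload($n);
    printf("%-15s -> %s\n", $n, $result === null ? 'REJECTED' : $result);
}
```

Running it rejects `shell.php.rar` and `archive.rar` (extension not on the allowlist), keeps `holiday.jpg` unchanged, and stores `photo.php.jpg` as `photo_php.jpg`. That last case is the one the allowlist alone would have let through with its inner `.php` intact, which is exactly the name shape mod_mime can hand to the PHP handler; the rename removes it before the file ever reaches the web root.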