
Author Topic: BiG BUG!!! no need to update c-m !!!!  (Read 2416 times)


voffkin

BiG BUG!!! no need to update c-m !!!!
« on: November 24, 2007, 05:28:24 am »

Hi my friends... I looked at the source of your Coppermine...

My Coppermine 1.4.12 shows me empty pages after install... I think that some
functions are disabled or do not work properly in my php.ini for Coppermine...
I searched for existing error_reporting(*); in all scripts that run in /coppermine/
and found many, many lines of error_reporting(many variables); in some PHP files.

This really confused me!!!
But this is not a problem... with some debugging I determined which error_reporting will work 100%
and which I need to comment out with //

The big bug is... in the script in the root dir, named phpinfo.php
...I found it when searching for error_reporting();
As you know, phpinfo(); shows all info about the server's software and its variables and versions!!!
...and shows all installed DLLs in php.ini...
People... creators... did you know that hackers can crash YOUR server
knowing only this info?

And updates will not save your system... while THIS script is
open to all... not only for admin or test
« Last Edit: November 25, 2007, 01:07:51 pm by GauGau »

Tranz

Re: BiG BUG!!! no need to update c-m !!!!
« Reply #1 on: November 24, 2007, 05:53:12 am »

The Coppermine phpinfo.php page will not show details unless you're logged in as admin. If yours is showing it to all, perhaps it's not a Coppermine file. Specifically, this would prevent non-admin access:
Code:
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied']);

In the future, please be careful before you shout "bug!" in a developer forum. It's like shouting fire in a crowded theatre when there is no fire.
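An added example, not part of the original thread and not Coppermine's own code: a static check that flags PHP files under a web root which call phpinfo() without the admin guard quoted in the reply above appearing before the call. The function names and sample sources are assumptions constructed for illustration, and the comment stripping is a heuristic that ignores comment markers inside string literals.

```python
import re
import sys
from pathlib import Path

# Guard line as quoted in the reply above; whitespace is allowed to vary.
GUARD = re.compile(r"if\s*\(\s*!\s*GALLERY_ADMIN_MODE\s*\)\s*cpg_die\s*\(")
# A direct phpinfo( call, not my_phpinfo(, $phpinfo(, ->phpinfo( or ::phpinfo(
PHPINFO = re.compile(r"(?<![\w$>:])phpinfo\s*\(")
# PHP block and line comments, so a commented-out guard does not count.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def classify(source: str) -> str:
    """Return 'no-phpinfo', 'guarded' or 'unguarded' for one PHP source text."""
    code = COMMENTS.sub("", source)
    call = PHPINFO.search(code)
    if call is None:
        return "no-phpinfo"
    guard = GUARD.search(code)
    # The guard only helps if it runs before the first phpinfo() call.
    if guard is not None and guard.start() < call.start():
        return "guarded"
    return "unguarded"

def audit(webroot: str) -> list[str]:
    """List PHP files under webroot that call phpinfo() with no guard before it."""
    hits = []
    for path in sorted(Path(webroot).rglob("*.php")):
        if classify(path.read_text(errors="replace")) == "unguarded":
            hits.append(str(path))
    return hits

# Constructed samples (not the real contents of any Coppermine file).
SAMPLE_GUARDED = """<?php
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied']);
phpinfo();
"""
SAMPLE_OPEN = "<?php phpinfo(); ?>"
SAMPLE_COMMENTED = """<?php
// if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied']);
phpinfo();
"""

if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("unguarded phpinfo():", f)
```

A file reported here is worth opening by hand: it may be a leftover test script or a file that did not come from the gallery package at all.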

voffkin

Re: BiG BUG!!! no need to update c-m !!!!
« Reply #2 on: November 24, 2007, 01:39:53 pm »

.....heh...... but I have been hacked :(


Thanks a lot........

Joachim Müller

Re: BiG BUG!!! no need to update c-m !!!!
« Reply #3 on: November 25, 2007, 01:06:26 pm »

Your initial posting clearly shows that you have no idea what you're talking about. As Thu suggested: the phpinfo.php file we provide will do no harm unless a possible attacker has already obtained your admin credentials. If he managed to accomplish this, you should have more serious issues on your mind than an open phpinfo page. If your gallery has been hacked, then ask yourself: were you running the most recent stable release when you were hacked? If yes: post what the attacker did and what happened. Your initial report is just invalid.

Shouting bug the way you did is just ignorant. If you have to report an actual bug: report it. If you need help: ask for help. Just posting irrelevant error_reporting pseudo-coder-talk doesn't turn your posting into a valid report, but shows that you haven't done your homework. We don't expect our users to be coders - being "just a user" is fine. However, if you want to play with the big boys and girls, make sure that you can stay level with us, i.e. that you understand what you're talking about.

The fact that you even posted your wannabe-bugreport on the wrong board (cpgNG testing/bugs) shows that you really have no idea nor do you respect board rules.
« Last Edit: November 25, 2007, 02:11:22 pm by GauGau »