Author Topic: [Solved]: Possible security issue in CPG v1.4.16  (Read 2720 times)


Marius

  • Coppermine newbie
  • Offline Offline
  • Posts: 13
    • Desktop Wallpapers RO
[Solved]: Possible security issue in CPG v1.4.16
« on: March 28, 2008, 06:55:01 am »

Hello
I want to announce a possible security issue in Coppermine 1.4.16, happened on my site Monday, but posting this so late because I wanted to be sure.
So, some guy (program) registered on my site, using (CPG 1.4.16), and posted 1145 comments, 1 for every picture, containing spam, every comment containing 40+ lines of text, all linked, though my config for comments was for 10 lines and 512 characters max. I have found this in the server logs for that day:
..................................
66.186.33.226 - - [24/Mar/2008:00:00:02 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-789&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:03 -0400] "GET /displayimage.php?pos=-788&lang=english HTTP/1.1" 200 36357 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:08 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16175 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-788&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:09 -0400] "GET /displayimage.php?pos=-787&lang=english HTTP/1.1" 200 36496 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:14 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-787&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:16 -0400] "GET /displayimage.php?pos=-786&lang=english HTTP/1.1" 200 36430 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:21 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-786&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:22 -0400] "GET /displayimage.php?pos=-785&lang=english HTTP/1.1" 200 36295 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
64.1.215.162 - - [24/Mar/2008:00:00:25 -0400] "GET /displayimage-45-6.html HTTP/1.0" 200 29143 www.my-site.ro "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:27 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-785&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:28 -0400] "GET /displayimage.php?pos=-784&lang=english HTTP/1.1" 200 36435 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:33 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-784&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:34 -0400] "GET /displayimage.php?pos=-783&lang=english HTTP/1.1" 200 36477 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:39 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-783&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:40 -0400] "GET /displayimage.php?pos=-782&lang=english HTTP/1.1" 200 36300 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
61.247.217.36 - - [24/Mar/2008:00:00:44 -0400] "GET /thumbnails-search-Cameron&lang=albanian.html HTTP/1.1" 200 23786 www.my-site.ro "-" "Yeti/1.0 (+http://help.naver.com/robots/)" "-"
64.1.215.162 - - [24/Mar/2008:00:00:44 -0400] "GET /slideshow-lastup--25-336-4000.html HTTP/1.0" 200 21549 www.my-site.ro "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:45 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-782&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:47 -0400] "GET /displayimage.php?pos=-781&lang=english HTTP/1.1" 200 36302 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
.........................................................................

and so on.
I want to mention this, captcha 3.0 plugin was not installed at that time, my mistake...
If this is a false alarm, I apologize in advance, but for a non-technical person like me this looks like an automated SQL injection attack from this IP, 66.186.33.226 (probably dynamically generated), using "db_input.php" statement. Please someone from CPG technical staff advise on this matter.

Best regards

« Last Edit: March 29, 2008, 10:05:16 am by Joachim Müller »
Logged
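
Added example (not part of the original thread and not Coppermine code): a Python sketch that pulls the pattern visible in the log excerpt above out of an access log, namely one client POSTing to db_input.php every few seconds with a different picture in each Referer. The function name, thresholds and sample lines are assumptions; the sample lines are constructed in the layout shown in the post, using documentation addresses and a hypothetical host.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Layout as in the post: ip - - [time] "METHOD path PROTO" status bytes vhost "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ \S+ "(?P<referer>[^"]*)"')

def find_comment_bots(lines, min_posts=4, max_median_gap=10.0):
    """Map ip -> (posts, median gap in s, distinct pictures) for clients that
    POST to db_input.php repeatedly at a machine-like cadence (assumed thresholds)."""
    posts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/db_input.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        pos = re.search(r"[?&]pos=(-?\d+)", m["referer"])  # picture the form was on
        posts[m["ip"]].append((ts, pos.group(1) if pos else None))
    flagged = {}
    for ip, events in posts.items():
        if len(events) < min_posts:
            continue
        events.sort(key=lambda e: e[0])
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        pictures = {p for _, p in events if p is not None}
        # Steady, short gaps across many different pictures: scripted posting
        if median(gaps) <= max_median_gap and len(pictures) >= min_posts:
            flagged[ip] = (len(events), median(gaps), len(pictures))
    return flagged

def _line(ip, sec, method, path, referer="-"):
    # Constructed sample line in the same layout (hypothetical host and agent)
    return (f'{ip} - - [24/Mar/2008:00:00:{sec:02d} -0400] "{method} {path} HTTP/1.1" '
            f'200 1000 gallery.example "{referer}" "ExampleAgent/1.0" "-"')

SAMPLE = []
for i, sec in enumerate(range(2, 32, 6)):  # POSTs at :02, :08, :14, :20, :26
    ref = f"http://gallery.example/displayimage.php?pos={-789 + i}&lang=english"
    SAMPLE.append(_line("203.0.113.7", sec, "POST", "/db_input.php?lang=english", ref))
    SAMPLE.append(_line("203.0.113.7", sec + 1, "GET", f"/displayimage.php?pos={-788 + i}"))
SAMPLE.append(_line("198.51.100.20", 40, "POST", "/db_input.php?lang=english",
                    "http://gallery.example/displayimage.php?pos=-5"))

if __name__ == "__main__":
    print(find_comment_bots(SAMPLE))
```

A single POST from another address, like the last sample line, stays below `min_posts` and is not flagged.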

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Possible security issue in CPG v1.4.16
« Reply #1 on: March 28, 2008, 08:20:37 am »

How is this supposed to be a security issue? If you allow guest comments, this is to be expected.
Logged

Marius

  • Coppermine newbie
  • Offline Offline
  • Posts: 13
    • Desktop Wallpapers RO
Re: Possible security issue in CPG v1.4.16
« Reply #2 on: March 29, 2008, 06:00:09 am »

I didn't, comments are enabled only to registered, that's exactly the point, pls read more carefully my post:
Quote
...some guy (program) registered on my site, using (CPG 1.4.16), and posted 1145 comments,...
Logged

Marius

  • Coppermine newbie
  • Offline Offline
  • Posts: 13
    • Desktop Wallpapers RO
Re: Possible security issue in CPG v1.4.16
« Reply #3 on: March 29, 2008, 06:39:02 am »

After reading more in this forum I see that comment spam is a well known issue, found this mod (linked to most relevant post for my problem)
Logged