Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Upload Security Issue 1.4.16 and Prior  (Read 3177 times)

0 Members and 1 Guest are viewing this topic.

Nookster

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Upload Security Issue 1.4.16 and Prior
« on: April 11, 2008, 09:39:03 am »

My website got hacked today; I chased it down to a small PHP script that was named with a .jpg extension and uploaded.  Even though CopperMine won't let you place the file, it still ends up in the album directory.  The path of the album directory can be easily determined by viewing previously uploaded photographs.  This let the attacker execute the PHP script which then appended an iframe onto over 1200 of my web pages that served up a virus to unsuspecting web surfers.

I was running 1.4.12, but I tried the exploit after upgrading to 1.4.16 and it still worked.  Uploads need to go into a directory different from the final viewable directory and not accessible from the web until verified as a valid image file.
Logged

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2165
  • Spread the PHP Web
    • Ranium Systems
Re: Upload Security Issue 1.4.16 and Prior
« Reply #1 on: April 11, 2008, 10:01:42 am »

How can a file with .jpg extension be executed as a PHP script? This can only be done if the server is not configured properly. Not a cpg issue imho.

Perhaps a link to the affected site might help. If you don't want to disclose the link in public then you can PM it to me.
Logged
Chief Geek at Ranium Systems

marian

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 160
    • BYM Photo Gallery
Re: Upload Security Issue 1.4.16 and Prior
« Reply #2 on: April 11, 2008, 11:13:27 am »

How can a file with .jpg extension be executed as a PHP script? This can only be done if the server is not configured properly. Not a cpg issue imho.

Perhaps a link to the affected site might help. If you don't want to disclose the link in public then you can PM it to me.
Abbas, I'm pretty sure this is related to the cdpuvbhfzz.com problem. I've taken the liberty of starting a thread in the hope that Nookster and others might be able to help each other, without bothering you people. http://forum.coppermine-gallery.net/index.php/topic,51791.0.html
Ciao
Marian
Logged

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2165
  • Spread the PHP Web
    • Ranium Systems
Re: Upload Security Issue 1.4.16 and Prior
« Reply #3 on: April 11, 2008, 12:52:35 pm »

@Marian: It might be.

@Nookster: Can you zip that jpg file and attach it here?
Logged
Chief Geek at Ranium Systems

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Upload Security Issue 1.4.16 and Prior
« Reply #4 on: April 11, 2008, 06:11:21 pm »

Marian: butt out of this thread!
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 20 queries.