Search results for: rar

......  coppermine-driven gallery has been hacked by the "rar exploit". Although this issue is not related to  ............  uploads) to upload a file named "somename.php.rar" to your webspace. The file is a plain-text file  ............ /albums/userpics/10XXX/somename.php.rar). Usually, a file with the extension ".rar" is  ............  patched properly ignore that actual extension ".rar" and treat the file as if the name only were " ............  in a certain way. Files with the extension ".rar" must not be parsed by PHP. Webservers that fail  ............  my webserver is vulnerable'; ?>, name it test.php.rar, upload it to your webserver (by Coppermine  ............ " in the field, as this includes the extension "rar". Please understand that this is a workaround we  ............  notice.  Related threads: 1.4.5, still hit by rar exploit hackers (?) creating ads My Coppermine  ............  issue 1.4.4 Upload vulnerability through .rar extension for improper webserver setups upload. ............  issues on your webserver that allows not only ".rar" files to be parsed as PHP, but other file types  ......
#2
...... .php.rar   try to search by this file. Is this CG or  ......
......  minor issues. It takes care as well of the ".rar"-exploit (that actually isn't a Coppermine bug,  ............  suggested above, cpg1.4.6 does not only fix the .rar vulnerability, but several other (minor) issues  ............ , you should at least apply the fix for the ".rar-exploit". To do so, edit include/functions.inc. ............  the last "valid" extension in the filename (rar exploit): replace all  * dots in the filename  ......
#4
......  has uploaded a File with the name sanyo_php.rar  Here is a link to the File: http://erwischt.er. ......
......  do I can change the display of zip or rar files for each file in the gallery?  Example:  ......
#6
cpg1.4 miscellaneous / xxx.php.rar exploit question
September 25, 2006, 07:12:59 PM by wmaster
......  with the apache bug which allows the xxx.php.rar exploit.  However, someone recently tried this  ............  on one of my websites. I installed the test.php.rar file to see if my webserver was vulnerable AND IT  ............  attempt failed, is because the user upload the rar file as a guest which did not immediately make  ............  user simply registered, and uploaded the xxx.php.rar file, he/she would have been able to tell what  ............  path to the .rar file was, and executed it.  So how did the 1.4.6  ............  logs don't show anyone actually executing any rar files, but these logs may have been spoofed as  ......
......  upload a script file with extension name: php.rar, using this file he could get all necessary  ............  users from uploading such file with extension (RAR) and why disabling users from uploading files is  ......
#8
cpg1.4 miscellaneous / Malicious RAR
July 19, 2007, 04:17:17 AM by sunsuron
......  registered at my gallery and uploaded a RAR file. When I click it, Firefox shows this PHP  ............  immediately, banned the user and deleted the RAR file. Is there anything I should worry about what  ......
#9
......  am running 1.4.5, which supposedly patched the rar upload issue/exploit, but I've been hit with it.  ......
#11
cpg1.4 miscellaneous / *.php.rar = big problem
August 01, 2006, 08:09:06 PM by mopieo
...... (i.e. pages that have fallen victim to the xxx.php.rar exploit). It will only keep sites that haven't  ......
#12
cpg1.4 miscellaneous / How bad is the file ly_php.rar
September 20, 2007, 09:23:37 AM by sforick
......  just noticed that a user uploaded the file ly_php.rar It's a very long php script and I don't know what  ............  registering.  I can supply the php text of this rar file if needed.  Is this a known problem of  ......
......  breach, the current one being the "Apache RAR Exploit". Your Coppermine gallery and any other  ............  about it here: Coppermine-driven galleries hit by RAR exploit  Coppermine 1.4.6 was the first release  ............  release CPG1.4.6 protects against Apache's .rar vulnerability  You are strongly recommended to  ............  of your gallery to the currently popular "RAR Exploit", which allows someone to inject code  ......
......  on the existing threads that deal with the rar exploit and the fixes, the fix we created should  ......
#15
......  any files matching the pattern xxx.php or xxx.php.rar inside the albums folder (there might be some  ......
......  of coppermine. The original file was named ly.php.rar (notice the dot), which would have posed a risk  ......
......  the rar files....  if you have WinRAR, this compressor/ ............ , besides the .rar extension, it recognizes more, such as .zip .arj .cab .gzip ... and to  ............ , I only see "Archivo WinR..." (from Archivo WinRAR), but if I widen it a bit, for the zip files, it shows me " ............  WinRAR ZIP".  I don't know whether the problem might come from there  ............ , is that you disable the Windows option "show extensions for known file types", and that way you will see  ......
#18
cpg1.4 miscellaneous / Re: Malicious RAR
July 19, 2007, 08:11:48 AM by Joachim Müller
......  rather, a misdocumented feature). The so-called "rar"-exploit has been taken care of some time ago.  ............  in the thread "Coppermine-driven galleries hit by RAR exploit" and "Maintenance release CPG1.4.6  ............  against Apache's .rar vulnerability" ......
......  in a way that doesn't allow PHP files to pose as rar files - files having the rar extension are not  ............  does not affect the capability of users to upload rar files, so there's little use in changing it from " ............  release that patches security issues is not the rar vulnerability, but the imei bug that allows a  ......
...... .  I wonder if there is any way to send a zip or rar file with the image file (jpg / gif / png) to  ......
......  on March 12, 2006, 09:26:28 PM If you don't need .rar files uploaded then disallow them in config or  ......
......  here: Coppermine-driven galleries hit by RAR exploit  You're just doing what you're not  ......
......  are affected: Quote: cpg1.5.x_theme_dm_anabolica.rar cpg1.5.x_theme_dm_anime.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_blue_tatoo.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_coppersheet.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_finalfantasy.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_graphix.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_halloween.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_lovewave.rar cpg1.5. ............ .rar ......
...... , tell your host to fix their server - rar files should not be parsed as php files. Second,  ............  rar files from being uploaded. You can do this in  ......
......  (images, sounds, txt, ZIP or TAR.GZ RAR archives etc) Galleries that have only one  ......
......  how foolish must one be to click on a *.RAR file of unknown origin!   ......
...... /ra/rm/tiff/tif/doc/txt/rtf/pdf/xls/pps/ppt/zip/rar/gz/mdb", as most of those extensions are not  ............  that actually can be processed by the image library you use (GD or ImageMagick). Try setting " ......
#28
cpg1.3 Upload / Custom uploader
November 10, 2005, 08:07:14 PM by MDxRacing
......  Your Upload You Only Had A Pic As Your zip/rar File To Click On To Download . Not 2 Pics Of Your  ............ /rar And The Pic You Uploaded With It.  Now I'm Running  ............ /upload.php\">Click Here And Go Upload Your zip/rar file</a>";  And This  10001       echo "<meta  ............ /upload.php\">Click Here And Go Upload Your zip/rar file</a>";                  exit();            } ......
......  this search:  Search Link  Those results reveal rar file uploads associated with that IP.  I'm  ......
......  version, it's also about protecting against the .rar vulnerability. 2. The "hotfix" doesn't apply to 1. ......