Coppermine-driven galleries hit by RAR exploit - Page 2


Coppermine-driven galleries hit by RAR exploit

Started by Joachim Müller, May 15, 2006, 10:21:10 AM

AndrewRH

I followed the suggestion to contact my ISP regarding this vulnerability. After convincing them it was not a purely Coppermine issue (prior to 1.4.6), this is what they had to say:

>You're correct in stating that files with the .php.rar extension are
>parsed as PHP files, and that your site's visitors can upload such files
>to your webspace through a script, and have these files executed as PHP.
>
>This is not a vulnerability on our part. If you allow users to upload
>files via a script, they can also upload regular .php files as well and
>have them executed. Furthermore, you can control the MIME types of your
>files via a .htaccess file to prevent this.
~Andrew~
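The .htaccess control the ISP mentions, written out as an added example (not from this thread or the Coppermine project). It assumes Apache with AllowOverride permitting these directives and that uploads live under the gallery's albums/ directory; the reason a name like shell.php.rar is executed at all is that Apache's mod_mime treats every dot-separated part of a filename as an extension, so an "AddHandler ... .php" rule matches it.

```apache
# Constructed example: .htaccess for the gallery upload directory (albums/).
# Nothing uploaded here should ever be executed, only served as static data.

# 1. Force the core static-file handler for every file in this tree,
#    overriding any AddHandler/SetHandler for .php inherited from the server
#    config. This is what stops "x.php.rar" from reaching the PHP handler.
SetHandler default-handler

# 2. Where PHP runs as an Apache module, switch the engine off as well.
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>

# 3. Defence in depth: refuse to serve any file that carries a script
#    extension anywhere in its name (case-insensitive, like AddHandler),
#    so "shell.php.rar" and "SHELL.PHP.jpg" are both rejected outright.
<FilesMatch "(?i)\.(php|phtml|phar|pl|py|cgi|sh)(\.|$)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
```

After dropping this in, request an existing image to confirm static files still serve, then request a test file named something like probe.php.rar and confirm you get a 403 rather than PHP output; this hardens the web server but is no substitute for upgrading the gallery itself.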

Joachim Müller

This has long been fixed; do as we suggest and upgrade. It doesn't make sense to argue about outdated versions. Locking.