Vulnerability? Had shell uploaded through upload.php Vulnerability? Had shell uploaded through upload.php
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Vulnerability? Had shell uploaded through upload.php

Started by SickFinga, June 17, 2006, 10:22:40 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

SickFinga

I was checking my counter, and saw someone was "google hacking"

Someone was searching for "coppermine photo gallery intitle:"Upload File"" and yahoo and got to my site.
I checked my logs and noticed that used tried to access
http://url.com/albums/userpics/is.php.rar

I checked my USERPICS folder and sure is.php.rar was there.
I opened it with notepad, and it is a shell.


So I was wondering if there is any danger?


I have 1.4.5 patched to 1.4.8

Sami

yes there is , you should delete that file
- as cpg 1.4.6 , gallery is protected against Apache's .rar vulnerability
- This file uploaded ,before you upgraded the gallery
‍I don't answer to PM with support question
Please post your issue to related board

SickFinga

Nope, uploaded yesterday.
Guess I should double check if I acually patched it.

SickFinga

Check function.inc.php and it is patched (patched on May 26)
rar file was uploaded on 16th June.

??? ???

Sami

look for other shell file may be you have a shell file uploaded before update, and they use that to upload new one !
waht is the actual name? is.php.rar or is_php.rar?
- link to site with test (non admin) user would be helpfull
‍I don't answer to PM with support question
Please post your issue to related board

SickFinga

File name is is_php.rar

But when he tried to access it, he tried is.php.rar
[Fri Jun 16 10:05:53 2006] [error] [client 193.226.60.107] File does not exist: /usr/home/tttt/public_html/404.shtml
[Fri Jun 16 10:05:53 2006] [error] [client 193.226.60.107] File does not exist: /usr/home/tttt/public_html/albums/userpics/is.php.rar

site
http://tuningdb.com

SickFinga

OK I just tried to rename the shell to is.php.rar and upload it. Coppermine changed the file name to is_php.rar

So I guess fix does works.

Sorry for the false alarm.

Sami

‍I don't answer to PM with support question
Please post your issue to related board