
sanyo_php.rar - Coppermine Exploit ??????

Started by derperle, October 29, 2006, 06:08:22 PM


derperle

Someone with the name Jolicoeur has uploaded a file with the name sanyo_php.rar.

Here is a link to the file: http://erwischt.er.funpic.de/cpg132/blabla.txt
Can someone tell me what this file does and if my gallery is hacked?
Please!

Nibbler

Your gallery appears to be gone. I expect you were running an outdated version of Coppermine.

derperle

I have the latest Coppermine version.
1.4.9
I've deleted the file. What else can I do? The file is in the EDIT folder and I don't give permission to add the file to my gallery.
Now I forbid the upload of rar files.
But is there any danger for my gallery?

Tranz

It looks like your gallery is gone, though, isn't it?

Joachim Müller


derperle

No.
My gallery is still running. But thanks for the Coppermine security update.
But if you check Google with the keyword sanyo_php you see some galleries which are infected:
http://www.google.de/search?q=sanyo_php&start=0&ie=utf-8&oe=utf-8&meta=lr%3Dlang_de&client=firefox-a&rls=org.mozilla:de:official

Here is my gallery: http://erwischtorg.h759617.serverkompetenz.net/cpg132/index.php

It seems like everything is OK....

Joachim Müller

We're aware of this, but how should we cure those sites? Hopefully, the people who run those sites will return to Coppermine's homepage and apply the fix and review security on their site.
As with nearly all similar vulnerabilities, we're not too keen to discuss details about the exploits publicly, as it would give script kiddies an idea what to do to launch attacks against unpatched galleries.

Marking thread as "solved"