sanyo_php.rar - Coppermine Exploit ?????? sanyo_php.rar - Coppermine Exploit ??????
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

sanyo_php.rar - Coppermine Exploit ??????

Started by derperle, October 29, 2006, 06:08:22 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

derperle

Some one with the name Jolicoeur has uploaded a File with the name sanyo_php.rar

Here is a link to the File: http://erwischt.er.funpic.de/cpg132/blabla.txt
Can Someone tell me what this file do and if my gallery is hacked ????
Please!!!!!!!!!!!!!!!!!!!!!1

Nibbler

Your gallery appears to be gone. I expect you were running an outdated version of Coppermine.

derperle

I've the Last Coppermine Version.
1.4.9
I've delete the File. What else can do. The File are in the EDIT folder and i dont give the permission to add the File in my Gallery.
Now i forbid tho upload of rar files
But is there any danger for my gallery???

Tranz

It looks like your gallery is gone, though, isn't it?

Joachim Müller


derperle

No.
My gallery is still running. But thanks for the Copppermine Security Update.
But if you check google with the keyword sanyo_php you see some gallerys wich are infected
http://www.google.de/search?q=sanyo_php&start=0&ie=utf-8&oe=utf-8&meta=lr%3Dlang_de&client=firefox-a&rls=org.mozilla:de:official

Here is my gallery: http://erwischtorg.h759617.serverkompetenz.net/cpg132/index.php

It seems like everything is OK....

Joachim Müller

We're aware of this, but how should we cure those sites? Hopefully, the people who run those sites will return to coppermine's homepage and apply the fix and review security on their site.
As with nearly all similar vulnerabilities, we're not too keen to discuss details about the exploits publicly, as it would give script kiddies an idea what to do to launch attacks against unpatched galleries.

Marking thread as "solved"