Coppermine-driven galleries hit by RAR exploit - Page 2
Coppermine-driven galleries hit by RAR exploit

Started by Joachim Müller, May 15, 2006, 10:21:10 AM


AndrewRH

I followed the suggestion to contact my ISP regarding this vulnerability. After convincing them it was not a purely Coppermine issue (prior to 1.4.6), this is what they had to say:

>You're correct in stating that files with the .php.rar extension are
>parsed as PHP files, and that your site's visitors can upload such files
>to your webspace through a script, and have these files executed as PHP.
>
>This is not a vulnerability on our part. If you allow users to upload
>files via a script, they can also upload regular .php files as well and
>have them executed. Furthermore, you can control the MIME types of your
>files via a .htaccess file to prevent this.
~Andrew~
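
Added example, not part of the original thread and not Coppermine's code: a filename check for an upload script that inspects every dot-separated extension rather than only the last one, since the ISP's reply confirms the server treats `.php.rar` as PHP. The function names and the two extension sets are assumptions to adapt to the real server configuration.

```python
# Added example: names and extension sets below are assumptions, not Coppermine code.
# Assumed extensions the web server maps to a script handler (adjust to the real config).
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml"}
# Assumed file types the upload script is meant to accept.
ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif", "rar", "zip"}


def extensions(filename):
    """Return every dot-separated extension after the base name, lowercased."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path part
    return [part.lower() for part in name.split(".")[1:] if part]


def check_upload_name(filename):
    """Return (accepted, reason), looking at all extensions, not only the last."""
    exts = extensions(filename)
    if not exts:
        return False, "no extension"
    hidden = [e for e in exts if e in SCRIPT_EXTENSIONS]
    if hidden:
        # shell.php.rar lands here: .rar is last, but .php is still in the name
        return False, "script extension in name: ." + hidden[0]
    if exts[-1] not in ALLOWED_FINAL:
        # also rejects .htaccess, which would let an upload change handler mappings
        return False, "type not allowed: ." + exts[-1]
    return True, "ok"


def rejected(names):
    """Return the names from an upload listing that fail the check."""
    return [n for n in names if not check_upload_name(n)[0]]


# Constructed sample listing, not taken from any real gallery.
SAMPLE = ["holiday.jpg", "shell.php.rar", "photo.PHP.jpg", "archive.rar",
          ".htaccess", "php.jpg", "notes.php.", "albums/2006/pic.jpeg"]

if __name__ == "__main__":
    for name in SAMPLE:
        accepted, reason = check_upload_name(name)
        print(f"{name:22} {'accept' if accepted else 'REJECT'}  {reason}")
```

A name check like this complements the server-side MIME and handler control the ISP mentions; it does not replace it.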

Joachim Müller

This has long been fixed, do as we suggest and upgrade. It doesn't make sense to argue about outdated versions. Locking.