BiG BUG!!! no need to update c-m !!!! BiG BUG!!! no need to update c-m !!!!
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

BiG BUG!!! no need to update c-m !!!!

Started by voffkin, November 24, 2007, 05:28:24 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

voffkin

Hi my frends.........i see source of your coppermine.....

my coppermine 1.4.12 shows me empty pages.... after install...i think that some
functions disabled or not work properly in mine php.ini for copppermine....
I search existing error_reporting(*); in all scripts that works in /coppermine/
and find many-many lines of error_reporting(many variables); in some php's

this is really confuzed me!!!!!!!!!
but this is not a problem.... some debugs and i determine wich error_report will work on 100%
and wich i need to comment it  //

BiG bug is.... in the script in root dir, named phpinfo.php
....i find it when search error_reporting();
As u know phpinfo(); shows all info about server's software and it's variables and versions!!!!!!!!!
....and shows all installed dll's in php.ini........
PPL....creators.... did U know that huckers can crash YOUR server
knowen only this info ? ? ? ?

and updates will not save your system.... while THIS script is
opened to all........ not only for admin or test

Tranz

The coppermine phpinfo.php page will not show details unless you're logged in as admin. If yours is showing it to all, perhaps it's not a Coppermine file. Specifically, this would prevent nonadmin access:
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied']);


In the future, please be careful before you shout "bug!" in a developer forum. It's like shouting fire in a crowded theatre when there is no fire.

voffkin

.....heh...... but i have been hacked :(


thanx a lot........

Joachim Müller

#3
Your initial posting clearly shows that you have no idea what you're talking about. As Thu suggested: the phpinfo.php file we provide will do no harm unless a possible attacker has already obtained your admin credentials. If he managed to accomplish this, you should have more serious issues on your mind than an open phpinfo page. If your gallery has been hacked, then ask yourself: have you been running the most recent stable release when you have been hacked? If yes: post what the attacker did and what happened. Your initial report is just invalid.

Shouting bug the way you did is just ignorant. If you have to report an actual bug: report it. If you need help: ask for help. Just posting irrelevant error_reporting pseudo-coder-talk doesn't turn your posting into a valid report, but shows that you haven't made your homework. We don't expect our users to be coders - being "just a user" is fine. However, if you want to play with the big boys and girls, make sure that you can stay level with us, i.e. that you understand what you're talking about.

The fact that you even posted your wannabe-bugreport on the wrong board (cpgNG testing/bugs) shows that you really have no idea nor do you respect board rules.