Comment posted on Coppermine Photo Gallery - Link broken Comment posted on Coppermine Photo Gallery - Link broken
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Comment posted on Coppermine Photo Gallery - Link broken

Started by Riox, December 12, 2008, 12:10:57 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Riox

December 12, 2008, 12:10:57 AM
CPG and SMF up do date. Changed nothing since the last time it worked.
eMails HTML

Code Select
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>A report from LawlMiester20 on a gallery comment</title>
</head>
<body bgcolor="#FFFFFF" text="#0F5475" link="#0F5475" vlink="#0F5475" alink="#0F5475">
<p><a href="http://foxbox.cc/gallery/displayreport.php?data=YToxMDp7czoyOiJzbiI7czoxMzoiTGF3bE1pZXN0ZXIyMCI7czoyOiJzZSI7czoyMjoib21nbGF3bHpyb2xmQHlhaG9vLmNvbSI7czoxOiJwIjtzOjI1OiJodHRwOi8vZm94Ym94LmNjL2dhbGxlcnkvIjtzOjI6InN1IjtzOjk6IkF0dGFja2luZyI7czoxOiJtIjtzOjA6IiI7czoxOiJyIjtzOjQxOiJyZWFzb24ocykgZm9yIHJlcG9ydDoKbm8gcmVhc29uIHdhcyBnaXZlbiI7czoxOiJjIjtzOjUxNzoiRVZFUllCT0RZIFNIVVQgVVAhISEgIFlvdSBraWRzIGFjdCBsaWtlIGhlIGRpZCBhIGFuaW1hdGlvbiBvZiB0aGUgZHJhZ29ucyBiZWluZyBlYXRlbiBhbGl2ZSB3aXRoIGl0JiMzOTtzIGd1dHMgc2hvd2luZyEhIEkmIzM5O3ZlIHNlZW4gd29yc2Ugb24gJiMzOTt2b3JlJiMzOTsgYW5kIG5vYm9keSBjb21wbGFpbmVkLCBzbyBzdHVmZiBpdCBBTEwgb2YgeW91ISEgPGltZyBzcmM9ImltYWdlcy9zbWlsZXMvaWNvbl9tYWQuZ2lmIiBhbHQ9IiIgIC8%2BIE9oLCBhbmQgdHdvIG1vcmUgcmVhc29ucyB0byBzdG9wIHdoaW5pbmcuIDEuIFdlcmUgbm90IGV2ZW4gc2VlaW5nIGFueSBHT1JFIG9uIFRISVMgdmlkLiAyLiBIaXMgc2l0ZSYjMzk7cyBnb25lIHNvIHlvdSB3b24mIzM5O3QgJnF1b3Q7YWNjaWRlbnRseSZxdW90OyBzdGVwIGluIGFuZCBzYXkgaG93IHNpY2sgaGUgaXMuICA8aW1nIHNyYz0iaW1hZ2VzL3NtaWxlcy9pY29uX25ldXRyYWwuZ2lmIiBhbHQ9IiIgIC8%2BIEhvbmVzdGxseSBndXlzLCBncm93IHVwLiI7czozOiJjaWQiO2k6NDE1MTtzOjM6InBpZCI7aToxNzgyO3M6MToidCI7czo3OiJjb21tZW50Ijt9">View full report with comment</a></p>
                <b><font face="arial" color="#000000" size="4">Attacking</font></b>
                <p>
                        reason(s) for report:
no reason was given
                <p>
                <font face="arial" color="#000000" size="2"></font>
                </p>
                <font face="arial" color="#000000" size="2">xxxxxxxxxxx</font>
                (<a href="mailto:xxxxxxxxx@yahoo.com"><font face="arial" color="#000000" size="2">xxxxxxxxxx@yahoo.com</font></a>)
<p><a href="http://foxbox.cc/gallery/"><b>Gallery</b></a></p>
</body>
</html>Sent by xxxxxxxxxx from IP xx.xx.xx.xxx at Dec 11, 2008 at 10:05 PM (Gallery time)

Opera 9.67 and IE 7.0 made the gallery say

QuoteCritical error
The data for the report you are trying to access has been corrupted by your mail client. Check the link is complete.

Got the Mail via pop3 (TheBat) and tried it via NOCC same error.

FireFox:
Quote[NoScript XSS] Sanitized suspicious request. Original URL [http://foxbox.cc/gallery/displayreport.php?data=YToxMDp7czoyOiJzbiI7czoxMzoiTGF3bE1pZXN0ZXIyMCI7czoyOiJzZSI7czoyMjoib21nbGF3bHpyb2xmQHlhaG9vLmNvbSI7czoxOiJwIjtzOjI1OiJodHRwOi8vZm94Ym94LmNjL2dhbGxlcnkvIjtzOjI6InN1IjtzOjk6IkF0dGFja2luZyI7czoxOiJtIjtzOjA6IiI7czoxOiJyIjtzOjQxOiJyZWFzb24ocykgZm9yIHJlcG9ydDoKbm8gcmVhc29uIHdhcyBnaXZlbiI7czoxOiJjIjtzOjUxNzoiRVZFUllCT0RZIFNIVVQgVVAhISEgIFlvdSBraWRzIGFjdCBsaWtlIGhlIGRpZCBhIGFuaW1hdGlvbiBvZiB0aGUgZHJhZ29ucyBiZWluZyBlYXRlbiBhbGl2ZSB3aXRoIGl0JiMzOTtzIGd1dHMgc2hvd2luZyEhIEkmIzM5O3ZlIHNlZW4gd29yc2Ugb24gJiMzOTt2b3JlJiMzOTsgYW5kIG5vYm9keSBjb21wbGFpbmVkLCBzbyBzdHVmZiBpdCBBTEwgb2YgeW91ISEgPGltZyBzcmM9ImltYWdlcy9zbWlsZXMvaWNvbl9tYWQuZ2lmIiBhbHQ9IiIgIC8%2BIE9oLCBhbmQgdHdvIG1vcmUgcmVhc29ucyB0byBzdG9wIHdoaW5pbmcuIDEuIFdlcmUgbm90IGV2ZW4gc2VlaW5nIGFueSBHT1JFIG9uIFRISVMgdmlkLiAyLiBIaXMgc2l0ZSYjMzk7cyBnb25lIHNvIHlvdSB3b24mIzM5O3QgJnF1b3Q7YWNjaWRlbnRseSZxdW90OyBzdGVwIGluIGFuZCBzYXkgaG93IHNpY2sgaGUgaXMuICA8aW1nIHNyYz0iaW1hZ2VzL3NtaWxlcy9pY29uX25ldXRyYWwuZ2lmIiBhbHQ9IiIgIC8%2BIEhvbmVzdGxseSBndXlzLCBncm93IHVwLiI7czozOiJjaWQiO2k6NDE1MTtzOjM6InBpZCI7aToxNzgyO3M6MToidCI7czo3OiJjb21tZW50Ijt9] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://foxbox.cc/#28071918836431496].

I got reports on comments befor but all of them worked finde ...


Servers php-errorlog is clean, GalleryLogs are eigther not working or missed that event O.o
Can provide adminship to CPG staff.

Riox

#1
December 12, 2008, 07:56:33 PM
er, the subject shoud have been
"A report from LawlMiester20 on a gallery comment - Link broken

unless CPG has a "report comment" funktion this belongs in Stamm's domain.

Sorry, I had to write this 3 times due to browser mishaps and got sloppy

Nibbler

#2
December 12, 2008, 08:05:26 PM
I don't think this is a modpack issue. Setup NoScript to whitelist the displayreport urls.
Print
Go Up Pages1
User actions