MALWARE removal MALWARE removal
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

MALWARE removal

Started by allvip, March 31, 2014, 11:44:33 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

allvip

6Scan suggested to add a code for every malware found to thumbnails.php and displayimage.php to manually fix the malware.

Did I do the right way?Is the malware still on my gallery?

allvip

I asked the host to reset my acoount the way it was before I sign up with them.
I have the gallery in my pc with the files when everything was fine.I will reupload.

gmc


For these 'vulnerabilities', 6scan isn't seeing Coppermine's use of Inspekt - which is used to sanitize all input from $_REQUEST variables (includes $_GET' $_POST, etc...)

The suggested change won't hurt, but the contents of $_GET['cat'] is validated by calls to Inspekt..
See the usage of 'supercage' and validations like 'getINT' that insure the variable contains only an integer (and not SQL injection....)
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

ΑndrĂ©

I don't recommend to use websites that just list each parameter they can find as possible vulnerability. Cheeky way to earn money IMHO.