I was checking my counter, and saw someone was "google hacking"
Someone was searching for "coppermine photo gallery intitle:"Upload File"" and yahoo and got to my site.
I checked my logs and noticed that used tried to access
http://url.com/albums/userpics/is.php.rar
I checked my USERPICS folder and sure is.php.rar was there.
I opened it with notepad, and it is a shell.
So I was wondering if there is any danger?
I have 1.4.5 patched to 1.4.8
yes there is , you should delete that file
- as cpg 1.4.6 , gallery is protected against Apache's .rar vulnerability (http://forum.coppermine-gallery.net/index.php?topic=31671.0)
- This file uploaded ,before you upgraded the gallery
Nope, uploaded yesterday.
Guess I should double check if I acually patched it.
Check function.inc.php and it is patched (patched on May 26)
rar file was uploaded on 16th June.
??? ???
look for other shell file may be you have a shell file uploaded before update, and they use that to upload new one !
waht is the actual name? is.php.rar or is_php.rar?
- link to site with test (non admin) user would be helpfull
File name is is_php.rar
But when he tried to access it, he tried is.php.rar
[Fri Jun 16 10:05:53 2006] [error] [client 193.226.60.107] File does not exist: /usr/home/tttt/public_html/404.shtml
[Fri Jun 16 10:05:53 2006] [error] [client 193.226.60.107] File does not exist: /usr/home/tttt/public_html/albums/userpics/is.php.rar
site
http://tuningdb.com
OK I just tried to rename the shell to is.php.rar and upload it. Coppermine changed the file name to is_php.rar
So I guess fix does works.
Sorry for the false alarm.
Yes, it works ;)
Nop ,