Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Miscellaneous => Topic started by: Esel2k on October 30, 2006, 06:15:45 PM

Title: Hack with a rarfile
Post by: Esel2k on October 30, 2006, 06:15:45 PM
Hey guys...

I'm using coppermine since 5 months now. today i had a filename called: "ly.php.rar" and when you click on it, it gave all the server and rcon informations so i deleted it....is there an update or is this problem already known?

greez
Title: Re: Hack with a rarfile
Post by: Esel2k on October 30, 2006, 06:23:41 PM
here some informations more:

http://www.ucsbhillel.org/photos/albums/userpics/10006/ly.php.rar

This is the same file from an other galery. Username of this "very funny" guy is "toraq".

cu
Title: Re: Hack with a rarfile
Post by: Nibbler on October 30, 2006, 06:29:52 PM
It's a well known vulnerability in old versions of Coppermine. That gallery is 1.3.3. If you keep your gallery up to date (1.4.10) then you won't have any problems.
Text only | Text with Images