coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: Photillium_g@dmin on August 10, 2007, 09:23:02 AM

Title: Possible security hack?
Post by: Photillium_g@dmin on August 10, 2007, 09:23:02 AM
I did not know where to place this question, it seems more directed towards a
PHP scripting question, but it is also a question of security being compromised within Coppermine.

This is the second time someone uploaded a RAR file that was a PHP script called webadmin.php.
When I examined the file it says it's a web based file manager, however I'm instinctively sceptical
about what it actually does and why the two users uploaded it in the first place.

I have attached the file unRARed into this ZIP file. Can anyone look at it and tell me
what it actually does? Is it safe for upload to Coppermine? I'm concerned that it may be used
to access my server files and corrupt my Coppermine database or their databases on the server
my gallery resides. I have no intention of running that file on my server "just to see what it does".

Thanks in advance.

P_g@dmin

[Edited By Sami]:
Removed the attachment for security ;)
Title: Re: Possible security hack?
Post by: Joachim Müller on August 10, 2007, 10:29:47 AM
The rar vulnerability has been fixed a long time ago - as you appear to be running cpg1.4.12 you should be safe against that attack. Apparently, the malicious uploader tried to exploit the vulnerability that existed in previous versions without taking into account that you're running the hardened coppermine version that is immune against the apache vulnerability. To be absolutely sure that everything is fine, post a deep link to the uploaded file.
Read up on the rar vulnerability discussion for details.
Title: Re: Possible security hack?
Post by: Photillium_g@dmin on August 10, 2007, 10:45:09 AM
Thanks, I did not know where to look for this type of issue and was not aware of the RAR thingie.
Title: Re: Possible security hack?
Post by: Photillium_g@dmin on August 10, 2007, 10:45:44 AM
We can mark this solved.
Title: Re: Possible security hack?
Post by: Joachim Müller on August 10, 2007, 03:53:12 PM
Quote from: GauGau on August 10, 2007, 10:29:47 AM
To be absolutely sure that everything is fine, post a deep link to the uploaded file.
Why didn't you do as suggested?