Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: phill104 on October 28, 2008, 07:33:45 PM

Title: One of my CPG installs was hacked
Post by: phill104 on October 28, 2008, 07:33:45 PM
Yesterday one of my  CPG 1.4.19 installs was hacked. I believe it was done not through coppermine but through something it was bridged with but I would like your opinion

The attached file was uploaded to the galleries a number of times. If you've seen it before or know what it does then could you tell me?

Title: Re: One of my CPG installs was hacked
Post by: aftab1003 on October 28, 2008, 07:44:38 PM
i have already post the all information regarding the hack

i am also attacked by the iframe
Title: Re: One of my CPG installs was hacked
Post by: Joachim Müller on October 28, 2008, 11:22:15 PM
Well, the file you posted is the payload, but it doesn't give a clue how the attack was performed.
Try to access your server logs to see if you can find out more details about the attack itself.
Title: Re: One of my CPG installs was hacked
Post by: phill104 on October 29, 2008, 12:04:38 AM
I shall be bored silly in an hotel tomorrow evening so I will look through the logs then. I'm quite sure entry was gained through the other app but I would like to be sure. If it does look like CPG was the entry point I will post back with the results.
Text only | Text with Images