Security hole


Started by kapou, June 18, 2006, 12:42:02 PM


kapou

Hi. I think there is a big security hole in your software. I received a fake PayPal e-mail linking to this URL: http://www.numbernineteen.co.uk/Coppermine/sql/cgi-bin/update/paypalsignup/onlineid-sessionload/sessiondid=2335454893_Secured152388884&Update/index.htm
... This page is apparently on the website of a Coppermine user, and I don't think he is aware of what it is used for. If you can, you should try to inform him! jon.

Stramm

This user's using an old version of Coppermine (1.3.2).
If he upgrades his server software with the same carefulness as he does upgrade the Coppermine software, I'm sure there are some options for hackers uploading phishing sites. To hide that page deep in the directory structure is normal practice.

I've no clue at all how to whois a co.uk domain. So if someone could find out that guy's email addy and tell him about this phishing site (or his host), this'll be much appreciated.

kapou

Quote from: Stramm on June 18, 2006, 12:55:09 PM
This user's using an old version of Coppermine (1.3.2).
If he upgrades his server software with the same carefulness as he does upgrade the Coppermine software, I'm sure there are some options for hackers uploading phishing sites. To hide that page deep in the directory structure is normal practice.

I've no clue at all how to whois a co.uk domain. So if someone could find out that guy's email addy and tell him about this phishing site (or his host), this'll be much appreciated.

The British whois is at http://www.nic.uk/, but I'm afraid it's not very helpful; there is only the registrant's agent name (http://www.123-reg.co.uk).

Sami

He is using cpg 1.3.2 (an out-of-date version), and I think this is a dead gallery (not updated since August 2005).
Obviously they hacked it (the date of the hack is 2006/06/07) and put cgi-bin there ...

Vargha

I tried looking for his email address with a whois lookup, but it does not show.
How about sending an email to his host service http://www.123-reg.co.uk/support/contact.pl and asking them to find his email? Then you can send an email to him and tell him what's going on.

Sami

123-reg.co.uk is a domain registrar, not hosting.
Here is some info about that site:
IP address:                     66.36.240.151
Reverse DNS:                    66-36-240-151.orbital.synhost.net.
Reverse DNS authenticity:       [Verified]
ASN:                            14361
ASN Name:                       HOPONE-DCA
IP range connectivity:          2
Registrar (per ASN):            ARIN
Country (per IP registrar):     US [United States]
Country Currency:               USD [United States Dollars]
Country IP Range:               66.36.192.0 to 66.36.255.255
The site is hosted in the US.
I keep searching to find his/her real hosting ;)

Vargha

Don't worry about it, bmossavari.
His site has been suspended.