webadmin.php upload hack
 


Started by nautis, June 26, 2006, 05:21:41 PM


nautis

Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? If so, are there security measures in place to block this sort of activity? Thanks.

- Matthew

Justttt

I don't think they would be able to hack by uploading a file in a .rar. Why don't you download the .rar and paste the code in here? Maybe someone can tell you what the file is. ::)
J U S T T T T

Tranz

Quote from: nautis on June 26, 2006, 05:21:41 PM
Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? If so, are there security measures in place to block this sort of activity? Thanks.

- Matthew
Yes. Please upgrade to 1.4.8. Search for any other backdoor files and remove them. Change your admin password.

Tranz

Quote from: Justttt on June 26, 2006, 05:24:35 PM
I don't think they would be able to hack by uploading a file in a .rar. Why don't you download the .rar and paste the code in here? Maybe someone can tell you what the file is. ::)
Yes, they could. http://forum.coppermine-gallery.net/index.php?topic=31671.0

nautis

I had already upgraded to the latest version. I deleted the file, but you can find out more about it here: http://wacker-welt.de/webadmin/. Is there a way I can turn off uploading archives?

Nibbler

Set the allowed filetypes to whatever you like in config.
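
Added example, not part of the original thread and not Coppermine's own code: a triage pass over an upload directory, following the advice above to search for other backdoor files and to restrict the allowed file types. The image-only allowlist, the script-extension list and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}  # assumed policy: images only
SCRIPT_EXT = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip"}  # file signatures


def classify(path):
    """Return the reasons an uploaded file deserves manual review."""
    ok_ext = path.suffix.lower() in ALLOWED_EXT
    reasons = [] if ok_ext else ["extension not in allowlist"]
    with path.open("rb") as fh:
        data = fh.read(1 << 20)  # the first 1 MiB is enough for triage
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):  # also catches archives renamed to .jpg
            reasons.append(kind + " archive (by signature)")
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    if zipfile.is_zipfile(path):  # RAR members need a third-party reader
        with zipfile.ZipFile(path) as zf:
            reasons += ["archive member " + n for n in zf.namelist()
                        if PurePosixPath(n).suffix.lower() in SCRIPT_EXT]
    return reasons


def scan(root):
    """Map relative path -> reasons for every flagged file under root."""
    root, found = Path(root), {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and (reasons := classify(path)):
            found[path.relative_to(root).as_posix()] = reasons
    return found


def demo():
    """Scan a constructed upload tree; every sample file is made up here."""
    samples = {"ok.jpg": b"\xff\xd8\xff\xe0JFIF", "pics.rar": b"Rar!\x1a\x07\x00x",
               "photo.jpg": b"GIF89a<?php /* constructed */ ?>"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        with zipfile.ZipFile(Path(root, "set.zip"), "w") as zf:
            zf.writestr("webadmin.php", "constructed placeholder")
        return scan(root)


if __name__ == "__main__":
    print(*(f"{p}: {'; '.join(r)}" for p, r in demo().items()), sep="\n")
```

To check a real gallery, call `scan()` on its upload directory instead of `demo()`; a flagged file is a candidate for review, not proof of compromise.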