How bad is the file ly_php.rar
 


Started by sforick, September 20, 2007, 09:23:37 AM


sforick

I have a Coppermine gallery that contains nudity, so I require my users to register in order to see the albums.
I just noticed that a user uploaded the file ly_php.rar
It's a very long PHP script and I don't know what it's doing or has done.

When I Google it I get over 217 pages of hits. They seem to be Coppermine installations with this suspect file recently uploaded by a user (in some cases identified as castanag@gmail.com). The Google links seem to allow the public to see files without registering.

I can supply the PHP text of this rar file if needed.

Is this a known problem or something normal that I'm just ignorant of?

Joachim Müller

Not bad at all (on your setup). The file cannot do any harm. The original uploader tried to exploit a vulnerability in Apache that was not sanitized in previous versions of Coppermine. The original file was named ly.php.rar (notice the dot), which would have posed a risk on some server setups. Coppermine now renames such files, so you're safe. You can safely ignore the file or delete it. No harm done. Searching the board would have told you so, please search before posting in the future.
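
The renaming described in the reply above, sketched as an added PHP example that is not Coppermine's own code and not part of the original thread. It assumes the rule implied by the ly.php.rar / ly_php.rar pair (every dot except the last becomes an underscore); the function names, the extension list and the sample file names are constructed for illustration.

```php
<?php
// Added illustration, not Coppermine source. Assumed sample of extensions that a
// web server may map to a script handler; adjust to the server's real configuration.
const HANDLER_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'pl', 'cgi'];

// True when a segment *before* the final extension is a handler extension,
// e.g. "ly.php.rar". On servers that honour every extension in a file name,
// such a file can be treated as a script even though it ends in ".rar".
function has_inner_handler_extension(string $name): bool
{
    $parts = explode('.', strtolower(basename($name)));
    array_shift($parts); // drop the base name
    array_pop($parts);   // drop the final extension
    return (bool) array_intersect($parts, HANDLER_EXTENSIONS);
}

// Keep only the final extension; replace every other dot with an underscore,
// so "ly.php.rar" is stored as "ly_php.rar" and no inner extension survives.
function neutralise_upload_name(string $name): string
{
    // Strip any client-supplied path and trailing dots.
    $name = rtrim(basename(str_replace('\\', '/', $name)), '.');
    $lastDot = strrpos($name, '.');
    if ($lastDot === false || $lastDot === 0) {
        // No extension, or a dotfile such as ".htaccess": no dot is kept at all.
        return str_replace('.', '_', $name);
    }
    $stem = substr($name, 0, $lastDot);
    $ext  = substr($name, $lastDot + 1);
    return str_replace('.', '_', $stem) . '.' . $ext;
}

// Constructed sample names, as an upload handler or an audit of an albums
// directory might encounter them.
$samples = ['ly.php.rar', 'ly_php.rar', 'holiday.jpg', 'banner.phtml.png', '.htaccess'];

foreach ($samples as $original) {
    printf(
        "%-18s inner handler ext: %-3s stored as: %s\n",
        $original,
        has_inner_handler_extension($original) ? 'yes' : 'no',
        neutralise_upload_name($original)
    );
}
```

Run over an existing upload directory, `has_inner_handler_extension()` separates names that still carry an inner script extension from ones that have already been renamed, such as the ly_php.rar in the question.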