[Solved]: Possible security issue in CPG v1.4.16
 


Started by Marius, March 28, 2008, 06:55:01 AM


Marius

Hello
I want to announce a possible security issue in Coppermine 1.4.16. It happened on my site on Monday, but I am posting this so late because I wanted to be sure.
So, some guy (program) registered on my site, using (CPG 1.4.16), and posted 1145 comments, 1 for every picture, containing spam, every comment containing 40+ lines of text, all linked, though my config for comments was for 10 lines and 512 characters max. I have found this in the server's logs for that day:
..................................
66.186.33.226 - - [24/Mar/2008:00:00:02 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-789&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:03 -0400] "GET /displayimage.php?pos=-788&lang=english HTTP/1.1" 200 36357 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:08 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16175 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-788&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:09 -0400] "GET /displayimage.php?pos=-787&lang=english HTTP/1.1" 200 36496 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:14 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-787&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:16 -0400] "GET /displayimage.php?pos=-786&lang=english HTTP/1.1" 200 36430 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:21 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-786&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:22 -0400] "GET /displayimage.php?pos=-785&lang=english HTTP/1.1" 200 36295 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
64.1.215.162 - - [24/Mar/2008:00:00:25 -0400] "GET /displayimage-45-6.html HTTP/1.0" 200 29143 www.my-site.ro "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:27 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-785&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:28 -0400] "GET /displayimage.php?pos=-784&lang=english HTTP/1.1" 200 36435 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:33 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-784&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:34 -0400] "GET /displayimage.php?pos=-783&lang=english HTTP/1.1" 200 36477 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:39 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-783&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:40 -0400] "GET /displayimage.php?pos=-782&lang=english HTTP/1.1" 200 36300 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
61.247.217.36 - - [24/Mar/2008:00:00:44 -0400] "GET /thumbnails-search-Cameron&lang=albanian.html HTTP/1.1" 200 23786 www.my-site.ro "-" "Yeti/1.0 (+http://help.naver.com/robots/)" "-"
64.1.215.162 - - [24/Mar/2008:00:00:44 -0400] "GET /slideshow-lastup--25-336-4000.html HTTP/1.0" 200 21549 www.my-site.ro "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:45 -0400] "POST /db_input.php?lang=english HTTP/1.1" 302 16168 www.my-site.ro "http://www.my-site.ro/displayimage.php?pos=-782&lang=english" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
66.186.33.226 - - [24/Mar/2008:00:00:47 -0400] "GET /displayimage.php?pos=-781&lang=english HTTP/1.1" 200 36302 www.my-site.ro "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
.........................................................................

and so on.
I want to mention this: the captcha 3.0 plugin was not installed at that time, my mistake...
If this is a false alarm, I apologize in advance, but for a non-technical person like me this looks like an automated SQL injection attack from this IP, 66.186.33.226 (probably dynamically generated), using the "db_input.php" statement. Please, could someone from the CPG technical staff advise on this matter.

Best regards
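
The pattern in the log excerpt above (one client sending a POST to /db_input.php every few seconds) can be picked out of an access log automatically. This is an added example, not part of the original thread and not Coppermine code; the threshold of 5 POSTs per 60 seconds and the sample log lines (documentation-range IPs, www.example.org) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout quoted in the post: ip - - [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} ')

def parse(line):
    """Return (ip, time, method, path without query string), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def flag_comment_floods(lines, endpoint="/db_input.php", max_posts=5, window_s=60):
    """Map each client IP to its peak POST count per window, if above max_posts."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "POST" and rec[3] == endpoint:
            posts[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:  # slide window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_posts:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed sample: a flooder (POST every 6 s) and a normal commenter."""
    fmt = '{} - - [{} -0400] "{} HTTP/1.1" {} 16168 www.example.org "-" "agent" "-"'
    stamp = lambda s: (datetime(2008, 3, 24, 0, 0, 2)
                       + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S")
    out = []
    for i in range(20):
        out.append(fmt.format("203.0.113.7", stamp(6 * i), "POST /db_input.php?lang=english", 302))
        out.append(fmt.format("203.0.113.7", stamp(6 * i + 1), "GET /displayimage.php?pos=-%d" % (788 - i), 200))
    for s in (10, 310):
        out.append(fmt.format("198.51.100.9", stamp(s), "POST /db_input.php", 302))
    return out

if __name__ == "__main__":
    print(flag_comment_floods(sample_log()))
```

The same counts can feed a per-account or per-IP rate limit on comment submission, which addresses the flood regardless of whether a captcha is installed.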


Joachim Müller

How is this supposed to be a security issue? If you allow guest comments, this is to be expected.

Marius

I didn't; comments are enabled only for registered users, that's exactly the point. Pls read my post more carefully:
Quote: "...some guy (program) registered on my site, using (CPG 1.4.16), and posted 1145 comments,..."

Marius

After reading more in this forum I see that comment spam is a well-known issue. I found this mod (linked to the most relevant post for my problem)