Uploading .exes through url Uploading .exes through url
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Uploading .exes through url

Started by AlphaAddict, October 03, 2005, 06:51:03 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

AlphaAddict

is there any way to get Coppermine Photo Gallery to accpet url .exe uploads?
it works with rar,zip etc

i can upload images etc but not .exes through the url

My gallery is here

Nibbler

You'd need to manually add the new filetype into the filetypes table in the database.

Tranz

It might be easier to zip the .exe since the browser might display a warning message when someone tries to download an .exe.

Joachim Müller

also, make sure that only you as admin can upload at all, you wouldn't want others to upload harmful executables to your website.

AlphaAddict

Quote from: Nibbler on October 03, 2005, 06:52:07 PM
You'd need to manually add the new filetype into the filetypes table in the database.
how exactly would i do that?

Stramm

with a tool like phpmyadmin you have a look at your filetypes table, view it's contents and add a new line

AlphaAddict

im not sure..
if i give you the login would you do it?

Stramm

no, I don't like it to much having logins for others servers. If something goes wrong now or in a few weeks you may point your finger at me... no ;)

but create a file addsql.php or whatever you like in your cpg main dir and add the following content

<?php
define
('IN_COPPERMINE'true);
require(
'include/init.inc.php');
if (!
GALLERY_ADMIN_MODE) die('Access denied');
pageheader("SQL");
if (
db_query("INSERT INTO {$CONFIG['TABLE_FILETYPES']} (extension, mime, content ) VALUES('exe' ,'application/x-msdownload', 'executable')")) {
echo 
'OK';
} else {
echo 
'Hmmmm.... nope';
}
pagefooter();
?>



call that file, and after that delete it. You need to be logged into CPG and you need to be in admin mode


AlphaAddict

when you say "call" it what do you mean?

Stramm

you type the file's URL in the browser's address bar

AlphaAddict

now i get


Notice: Undefined index: executable in /home/alphaadd/public_html/Gallery/include/media.functions.inc.php on line 33

Notice: Undefined index: in /home/alphaadd/public_html/Gallery/include/media.functions.inc.php on line 33

Notice: Undefined index: executable in /home/alphaadd/public_html/Gallery/include/media.functions.inc.php on line 33

Notice: Undefined index: in /home/alphaadd/public_html/Gallery/include/media.functions.inc.php on line 33

Nibbler

Do the same as you just did, but use the following code instead:


<?php
define
('IN_COPPERMINE'true);
require(
'include/init.inc.php');
if (!
GALLERY_ADMIN_MODE) die('Access denied');
pageheader("SQL");
if (
db_query("UPDATE {$CONFIG['TABLE_FILETYPES']} SET content = 'document' WHERE extension = 'exe'")) {
echo 
'OK';
} else {
echo 
'Hmmmm.... nope';
}
pagefooter();
?>


Stramm

If you want to know more about notices just do a search. Has been answered hundreds of times.

As you see it's in media.functions.inc.php. This function checks media files cause coppermine is a program to handle media files and documents. Not executables. So you have three options. Turn notices off (as you already knw cause you did the search as suggested), edit media.functions.inc.php to support executable or delete the just added sql and re add it but with content=document (just an example). You can expect flaws here and there

edit: Ok, has already been answered ;)

AlphaAddict

now the errors at the page top are gone but the bottom says
Error Report
The following uploads encountered errors: 
URI/URL Uploads: 
File Name/URL Error Message
1. http://www.heaventools.com/download/pexsetup.exe HTTP/1.1 302 Found

Nibbler

That's because the actual URL is http://www.heaventools.com/files/dwnlnd/PE.Explorer_setup.exe apparently coppermine can't handle the redirection.

AlphaAddict

ok now i get
Error Report
The following uploads encountered errors: 
URI/URL Uploads: 
File Name/URL Error Message
1. http://www.heaventools.com/files/dwnlnd/PE.Explorer_setup.exe Unknown MIME type

Nibbler

OK, the correct MIME type is application/octet-stream, so upload and run the following code:


<?php
define
('IN_COPPERMINE'true);
require(
'include/init.inc.php');
if (!
GALLERY_ADMIN_MODE) die('Access denied');
pageheader("SQL");
if (
db_query("UPDATE {$CONFIG['TABLE_FILETYPES']} SET mime = 'application/octet-stream' WHERE extension = 'exe'")) {
echo 
'OK';
} else {
echo 
'Hmmmm.... nope';
}
pagefooter();
?>


AlphaAddict