Malicious RAR



Started by sunsuron, July 19, 2007, 04:17:17 AM


sunsuron

Someone registered at my gallery and uploaded a RAR file. When I click it, Firefox shows this PHP code. I am not a programmer, but just as a precaution I changed my password immediately, banned the user and deleted the RAR file. Is there anything I should worry about, i.e. what is this PHP script capable of doing to ruin my gallery?

**EDIT** removed malicious script  - Donnoman

donnoman

I removed the text of the script because we don't need to disclose the source here and enable other copycats. If they want it, they can go get it from dedicated hacker sites.

This is not a vulnerability of Coppermine, it is a vulnerability because your host is using mod_mime for Apache. Discuss this with your host, and you should probably mail THEM the script so they can assess what damage was potentially done, to yours and to other sites hosted on the same server as yours.

You can prevent this in the future by carefully limiting which types of files you allow users to upload.

The safest configuration only allows .jpg and .gif files to be uploaded.

Please see the documentation link here for more information: http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#admin_picture_thumbnail


Joachim Müller

As Donnoman suggested, this is a webserver vulnerability (or rather, a misdocumented feature). The so-called "rar" exploit has been taken care of some time ago. Coppermine renames all uploaded files by replacing all dots in file names (except the last one, which separates the actual file name from the extension). Make sure that you run the most recent Coppermine version to avoid such issues in the future.

Details can be found in the thread "Coppermine-driven galleries hit by RAR exploit" and "Maintenance release CPG1.4.6 protects against Apache's .rar vulnerability"
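The two replies above describe the same problem from both ends: Apache's mod_mime treats every dot-separated part after the base name as an extension, so a file uploaded as something like `name.php.rar` still matches a handler bound to `.php` and gets executed, and Coppermine's fix is to allow only a short list of image extensions and to replace every dot in the file name except the last one. The following is an added example written for this thread, not Coppermine's own upload code and not an Apache configuration: it models how mod_mime reads a multi-extension name and applies the rename-plus-allowlist rule to a constructed set of file names. The `PHP_HANDLER_EXTENSIONS` set and the function names are assumptions made for the illustration.

```python
import os
import re
from typing import FrozenSet, List

# Extensions a typical shared host maps to the PHP handler via mod_mime's
# AddHandler/AddType directives. Assumed set, chosen for this illustration only.
PHP_HANDLER_EXTENSIONS = frozenset({"php", "php3", "php4", "php5", "phtml"})

# Coppermine-style allowlist described in the thread: images only.
DEFAULT_ALLOWED = frozenset({"jpg", "gif"})


class UnsafeUpload(ValueError):
    """Raised when an uploaded file name must be rejected outright."""


def mod_mime_extensions(filename: str) -> List[str]:
    """Return the extension tokens mod_mime sees in a file name.

    mod_mime treats every dot-separated component after the base name as an
    extension, and their order does not matter: "shell.php.rar" carries both
    "php" and "rar", so a handler bound to .php still applies to it.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.split(".")
    return [p.lower() for p in parts[1:] if p]


def would_run_as_php(filename: str) -> bool:
    """True if any extension token matches the (assumed) PHP handler set."""
    return any(ext in PHP_HANDLER_EXTENSIONS for ext in mod_mime_extensions(filename))


def sanitize_upload_name(filename: str, allowed: FrozenSet[str] = DEFAULT_ALLOWED) -> str:
    """Apply the two defences from the thread to a client-supplied file name.

    1. Only the final extension counts, and it must be in the allowlist.
    2. Every other dot is replaced with an underscore, so no earlier
       component can be read as an extension by mod_mime.
    Directory components are dropped as well so "../" tricks cannot escape
    the upload directory.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:
        # No extension at all, or a dotfile such as ".htaccess": reject.
        raise UnsafeUpload("file name has no usable extension: %r" % filename)
    ext = ext.lower()
    if ext not in allowed:
        raise UnsafeUpload("extension %r is not allowed" % ext)
    # Replace remaining dots (and other awkward characters) in the stem.
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem)
    return "%s.%s" % (stem, ext)


def check_upload(filename: str, allowed: FrozenSet[str] = DEFAULT_ALLOWED):
    """Return (stored_name, dangerous_as_uploaded) or (None, dangerous)."""
    dangerous = would_run_as_php(filename)
    try:
        return sanitize_upload_name(filename, allowed), dangerous
    except UnsafeUpload:
        return None, dangerous


if __name__ == "__main__":
    # Constructed sample of uploaded names, not taken from any real incident.
    samples = ["shell.php.rar", "photo.php.jpg", "Holiday.JPG",
               "../../x.gif", ".htaccess", "noext"]
    for name in samples:
        stored, dangerous = check_upload(name)
        print("%-16s mod_mime sees %-16s php? %-5s -> %s"
              % (name, mod_mime_extensions(name), dangerous, stored or "REJECTED"))
```

The rename matters even for names that pass the allowlist: `photo.php.jpg` is accepted as a JPEG, but stored as `photo_php.jpg` it no longer carries a `php` token for mod_mime to act on. The host-side counterpart is to bind the PHP handler only to names whose last extension is `.php` (a `FilesMatch` on `\.php$` rather than a bare `AddHandler`), which is the change to raise with the hosting provider as Donnoman suggests.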