MALWARE removal
 


Started by allvip, March 31, 2014, 11:44:33 AM


allvip

6Scan suggested to add a code for every malware found to thumbnails.php and displayimage.php to manually fix the malware.

Did I do it the right way? Is the malware still on my gallery?

allvip

I asked the host to reset my account the way it was before I signed up with them.
I have the gallery on my PC with the files from when everything was fine. I will reupload.

gmc


For these 'vulnerabilities', 6scan isn't seeing Coppermine's use of Inspekt - which is used to sanitize all input from $_REQUEST variables (includes $_GET, $_POST, etc...)

The suggested change won't hurt, but the contents of $_GET['cat'] are validated by calls to Inspekt.
See the usage of 'supercage' and validations like 'getINT' that ensure the variable contains only an integer (and not SQL injection....)
Thanks!
Greg
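The point in gmc's reply above, shown as an added example that is not part of the thread and is not Coppermine or Inspekt code: when a parameter such as `cat` is only ever read through an integer accessor, the injection strings a scanner sends never reach the SQL text. `InputCage` is a hypothetical stand-in for the cage idea, and the table name and sample requests are constructed for illustration.

```php
<?php
// Added illustration: a simplified stand-in for an input cage.
// InputCage is a hypothetical class, not Inspekt's or Coppermine's source.
final class InputCage
{
    private array $source;

    public function __construct(array $source)
    {
        $this->source = $source;
    }

    public function keyExists(string $key): bool
    {
        return array_key_exists($key, $this->source);
    }

    // Integer coercion: only a leading integer survives; anything else becomes 0.
    public function getInt(string $key): int
    {
        $value = $this->source[$key] ?? 0;
        // Arrays (e.g. ?cat[]=x) would cast to 1, so treat non-scalars as 0.
        return is_scalar($value) ? (int) $value : 0;
    }
}

// Constructed sample requests of the kind an automated scanner submits.
$samples = [
    ['cat' => '12'],
    ['cat' => '12 OR 1=1'],
    ['cat' => "' UNION SELECT 1 -- "],
    ['cat' => ['nested' => 'array']],
    [],
];

foreach ($samples as $get) {
    $cage = new InputCage($get);
    $cat = $cage->keyExists('cat') ? $cage->getInt('cat') : 0;
    // Only the integer reaches the query; the table name is a placeholder.
    $sql = sprintf('SELECT name FROM categories_placeholder WHERE cid = %d', $cat);
    printf("%-34s -> %s\n", json_encode($get), $sql);
}
```

A scanner that only checks whether a parameter is accepted cannot see this coercion, which is why every parameter gets listed as a finding.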

Αndré

I don't recommend using websites that just list each parameter they can find as a possible vulnerability. Cheeky way to earn money IMHO.