
Thread: Coppermine Gallery - php file upload?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Location
    California
    Posts
    724


    Andrew's quick action this morning caught a hacker on one of my customer's domains who had compromised a Coppermine Gallery script to send spam. My customer has version 1.4.1, where the Coppermine site shows 1.4.12 (not sure if that's iteration 12 of version 1.4, or iteration 2 of 1.4.1). The hacker was able to use the upload feature of Coppermine to upload an executable.

    The site is suspended, and I'll be upgrading the script tonight. Could this be a simple configuration item, where the customer has allowed any kind of file to be uploaded? Or is this a vulnerability of Coppermine?

  2. #2
    Administrator AndrewT's Avatar
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,635


    It could be either. I've never used the script but you'd certainly want to make sure it only allows you to upload actual images (certainly not PHP scripts). Perhaps someone that has used it can chime in regarding this. If it isn't a setting then I'd guess that it would be an exploit. Though more often than not, those small version changes are security patches and bug fixes. It is important to stay on them.

  3. #3
    Senior Member Buddha's Avatar
    Join Date
    Mar 2004
    Location
    Florida USA
    Posts
    825
    "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Location
    California
    Posts
    724


    Thanks, Buddha! That looks like what was done.
