WEB PSA: Update Coppermine Image Gallery!

Discussion in 'OT Technology' started by Ender0910, Apr 18, 2008.

  1. Ender0910

    Ender0910 woot!

    Joined:
    Jun 1, 2004
    Messages:
    3,039
    Likes Received:
    0
    Location:
    Redmond/Bay Area
    If anyone's using the Coppermine Image Gallery, make sure you have the latest version!

    One of our sites runs off Coppermine and was compromised earlier today. Looking on their forums, the first report of this hack was April 6th. Their patch for this came out April 14th (v1.4.18). This hack has hit many Coppermine based sites and is potentially invisible to the end user.

    This exploit uses a mix of sql/php/god knows what injection to add an 1x1 px iframe to many of your pages.
    This iframe redirects to another site which contains 7+ exploits which mainly affect IE. Running the gamut from Java to Remote Data Access controls to an Animated Cursor exploit... needless to say this site is scary and you don't want your clients/visitors touching it.


    That is all.
     
    Last edited: Apr 18, 2008
  2. Logik

    Logik Livin la vida broka

    Joined:
    Jun 30, 2000
    Messages:
    20,667
    Likes Received:
    1
    Location:
    The Steel City
  3. waka_maka

    waka_maka New Member

    Joined:
    Oct 30, 2007
    Messages:
    588
    Likes Received:
    0
    lol it was pretty fucking annoying... but thank god for the backups :bowdown:
     

Share This Page