photopost gallery hacked


nymyth
June 7th, 2006, 01:38 PM
I was wondering, has anyone else here had their gallery hacked....mine got hit today. I was wondering if there are any security issues that I didn't know about. Also, does anyone know how I might go about fixing this?

www.jaydabhi.com/photopost/index.php

Peace

Michael P
June 7th, 2006, 02:14 PM
What version of PhotoPost were you running? There are no known security issues, nor have any been reported since we released significant security updates a couple of releases ago.

Any other related information you may have would also be helpful.

nymyth
June 7th, 2006, 02:22 PM
Michael,

The version is 5.13

Don't know what other information you might need.

Thanks.

Michael P
June 7th, 2006, 02:24 PM
Are the files still on your server? You could look at the pp-inc.php file in the printfooter() function to see a version number.

We have released several security updates in the past year, and we submitted our code for a security review back around version 5.0 or 5.1 (I'd have to review the doc files for the exact version).

If you'd like to PM me your server info, I'd be glad to take a look myself.

b6gm6n
June 7th, 2006, 02:48 PM
EXIF data stored in certain image files is not sufficiently sanitized before being displayed to users. A remote attacker who is able to entice a user into viewing specially crafted EXIF data could cause arbitrary script to run in that user's browser. PhotoPost 5.13 and earlier are affected by this vulnerability.

just a thought :)

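The vulnerability described in the post above is an output-encoding problem: metadata read out of an uploaded image is written into the gallery page as if it were trusted HTML. The following is an added example, not code from this thread or from PhotoPost, showing the vulnerable pattern next to the hardened one and a simple check that tells them apart. The `SAMPLE_EXIF` dictionary is constructed for the demonstration and stands in for whatever an EXIF parser would return.

```python
import html
import re

# Constructed sample: EXIF-style tags as a parser might return them for an
# uploaded image, where the description field carries attacker-supplied markup.
SAMPLE_EXIF = {
    "Make": "ExampleCam",
    "Model": "X-100",
    "ImageDescription": 'Beach <script>alert("xss")</script> sunset',
    "UserComment": 'photo "quoted" & <b>bold</b>',
}


def render_exif_unsafe(exif):
    """Vulnerable pattern: tag values concatenated straight into the page.

    Whatever is in the image file is interpreted by the viewer's browser.
    """
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in exif.items())
    return f"<table>{rows}</table>"


def render_exif_safe(exif):
    """Hardened pattern: every tag name and value is HTML-escaped at output.

    quote=True also escapes quotes, so the value is safe inside attributes too.
    """
    rows = "".join(
        f"<tr><td>{html.escape(str(k), quote=True)}</td>"
        f"<td>{html.escape(str(v), quote=True)}</td></tr>"
        for k, v in exif.items()
    )
    return f"<table>{rows}</table>"


# Any tag other than the template's own table markup means untrusted data
# reached the page as live HTML rather than as escaped text.
_FOREIGN_TAG = re.compile(r"<(?!/?(?:table|tr|td)\b)[^>]*>", re.IGNORECASE)


def contains_foreign_markup(rendered_html):
    """Detection check: True if the rendered page carries tags the template
    did not emit itself."""
    return _FOREIGN_TAG.search(rendered_html) is not None


if __name__ == "__main__":
    print("unsafe render leaks markup:", contains_foreign_markup(render_exif_unsafe(SAMPLE_EXIF)))
    print("safe render leaks markup:  ", contains_foreign_markup(render_exif_safe(SAMPLE_EXIF)))
```

The point of the check function is that it is the rendered output, not the input, that has to be inspected: the same metadata is harmless once it is escaped at the point where it is written into the page.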
nymyth
June 7th, 2006, 02:51 PM
^^ooohhh.....so pretty much, I should upgrade...lol

Peace

Michael P
June 7th, 2006, 02:55 PM
You were running v5.13; we are up to v5.3, so I would suggest upgrading. I wouldn't be able to tell what kind of exploit may have been used or even if it came from PhotoPost without shell access to review your server logs.

The hacker replaced your config-inc.php file with some code to print that page out; I replaced your config-inc.php, and you just need to upload your old copy or edit this one with your db info.

Everything else appears to be normal; but without shell access to review your logs, it's difficult for me to guess what may have caused this.

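The finding in the post above, a single replaced config-inc.php with everything else apparently untouched, is the kind of change a hash baseline of the installed PHP files catches immediately, without needing the server logs. The example below is added here and is not PhotoPost's code or anything from the thread; it builds a manifest of file hashes, then compares it against the current tree and reports modified, missing and added files. The `demo()` function constructs a throwaway gallery directory to show the comparison on a replaced config file; the file names and contents in it are made up for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large uploads do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, exts=(".php",)):
    """Map each script file under root (relative, '/'-separated) to its hash."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = sha256_of(full)
    return manifest


def diff_manifest(baseline, current):
    """Compare a known-good manifest with a fresh one taken from the server."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo():
    """Constructed scenario: baseline a tiny gallery tree, then overwrite its
    config file and drop one extra script, the way a defacement would."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "photopost"))
        cfg = os.path.join(root, "photopost", "config-inc.php")
        with open(cfg, "w") as f:
            f.write("<?php\n$dbname = 'gallery';\n")  # placeholder config
        with open(os.path.join(root, "photopost", "index.php"), "w") as f:
            f.write("<?php\nrequire 'config-inc.php';\n")
        baseline = build_manifest(root)

        # Simulate the tampering seen in the thread: config replaced by a
        # script that just prints a page, plus one file that was never installed.
        with open(cfg, "w") as f:
            f.write("<?php\necho 'defaced';\n")
        with open(os.path.join(root, "photopost", "unexpected.php"), "w") as f:
            f.write("<?php\n")

        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is taken right after a clean install or upgrade and stored somewhere the web server cannot write to; a tampered config file then shows up under `modified` and any dropped script under `added` on the next comparison, which is a far quicker answer than reading access logs after the fact.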
nymyth
June 7th, 2006, 03:43 PM
Thank you Michael. I will upgrade tonight.

Peace