Old June 7th, 2006, 12:38 PM   #1 (permalink)
Member
 
Join Date: May 2003
Posts: 68
photopost gallery hacked

I was wondering, has anyone else here had their gallery hacked... Mine got hit today. I was wondering if there are any security issues that I didn't know about. Also, does anyone know how I might go about fixing this?

www.jaydabhi.com/photopost/index.php

Peace
nymyth
Old June 7th, 2006, 01:14 PM   #2 (permalink)
PhotoPost Developer
Verified Customer
 
Join Date: Jan 2002
Posts: 11,834
What version of PhotoPost were you running? There are no known security issues, nor have any been reported since we released significant security updates a couple of releases ago.

Any other related information you may have would also be helpful.
__________________
Please do not PM me for support or sales questions. Thank you for your understanding.
Michael P
Old June 7th, 2006, 01:22 PM   #3 (permalink)
Member
 
Join Date: May 2003
Posts: 68
Michael,

The version is 5.13

Don't know what other information you might need.

Thanks.
nymyth
Old June 7th, 2006, 01:24 PM   #4 (permalink)
PhotoPost Developer
Verified Customer
 
Join Date: Jan 2002
Posts: 11,834
Are the files still on your server? You could look at the pp-inc.php file in the printfooter() function to see a version number.

We have released several security updates in the past year, and we submitted our code for a security review back around version 5.0 or 5.1 (I'd have to review the doc files for the exact version).

If you'd like to PM me your server info, I'd be glad to take a look myself.
Michael P
Old June 7th, 2006, 01:48 PM   #5 (permalink)
Senior Member
 
Join Date: Mar 2003
Posts: 1,319
EXIF data stored in certain image files is not sufficiently sanitized before being displayed to users. A remote attacker who is able to entice a user into viewing specially crafted EXIF data could cause arbitrary script to run in that user's browser. PhotoPost 5.13 and earlier are affected by this vulnerability.

just a thought
b6gm6n
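
The output-encoding fix for the EXIF issue described in post #5, as an added example that is not part of the thread and is not PhotoPost's own code. The field allow-list, function names and sample metadata are assumptions constructed for illustration; the array mimics what PHP's exif_read_data() returns.

```php
<?php
// Constructed sample in the shape exif_read_data() returns; two fields
// carry markup, as metadata in an uploaded image could.
$exif = [
    'Make'             => 'ExampleCam',
    'Model'            => 'X-100 <b>bold</b>',
    'ImageDescription' => '<script>alert(1)</script>',
    'DateTimeOriginal' => '2006:06:07 12:38:00',
    'MakerNote'        => "\x00\x01binary blob",
];

// Hypothetical allow-list: only these fields are ever shown.
const EXIF_DISPLAY_FIELDS = ['Make', 'Model', 'ImageDescription', 'DateTimeOriginal'];

// Before: values reach the page unencoded, so the browser parses them as HTML.
function render_exif_unsafe(array $exif): string
{
    $rows = '';
    foreach ($exif as $name => $value) {
        $rows .= "<tr><th>$name</th><td>$value</td></tr>\n";
    }
    return $rows;
}

// After: treat metadata as untrusted text. Strip control bytes, cap the
// length, then HTML-encode for the element-content context.
function clean_exif_value($value, int $maxLen = 200): string
{
    if (!is_scalar($value)) {
        return '';
    }
    $text = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $value);
    $text = substr($text, 0, $maxLen);
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_exif_safe(array $exif): string
{
    $rows = '';
    foreach (EXIF_DISPLAY_FIELDS as $name) {
        if (isset($exif[$name])) {
            $rows .= '<tr><th>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
                   . '</th><td>' . clean_exif_value($exif[$name]) . "</td></tr>\n";
        }
    }
    return $rows;
}

echo render_exif_safe($exif);
```

Truncation happens before encoding so an entity is never cut in half, and ENT_SUBSTITUTE replaces any invalid UTF-8 left by the byte-wise cut instead of returning an empty string.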
Old June 7th, 2006, 01:51 PM   #6 (permalink)
Member
 
Join Date: May 2003
Posts: 68
^^ooohhh.....so pretty much, I should upgrade...lol

Peace
nymyth
Old June 7th, 2006, 01:55 PM   #7 (permalink)
PhotoPost Developer
Verified Customer
 
Join Date: Jan 2002
Posts: 11,834
You were running v5.13; we are up to v5.3, so I would suggest upgrading. I wouldn't be able to tell what kind of exploit may have been used or even if it came from PhotoPost without shell access to review your server logs.

The hacker replaced your config-inc.php file with some code to print that page out; I replaced your config-inc.php and you just need to upload your old copy or edit this one with your db info.

Everything else appears to be normal, but without shell access to review your logs, it's difficult for me to guess what may have caused this.
Michael P
Old June 7th, 2006, 02:43 PM   #8 (permalink)
Member
 
Join Date: May 2003
Posts: 68
Thank you Michael. I will upgrade tonight.

Peace
nymyth