"..image uploads and potentially opens a cross-site-scripting exploit. It has affected many web-based applications that allow image uploads..."
this is the description on Vbulletin.con at this thread:
on november, 2
My VBGallery is the last version... and BEFORE of this data....
Today I've found these files :
al the files are created at the same time.... at 09.55am
the contents... NO COMMENT.
is it possible that this "malaware" are ulpoaded on my site via upload.php ?
( they are present only in the subdir of gallery... images users etc.. )
thanks in advance.
There are not standard gallery files included with the install package.
Take a look @ FTP access logs on the webserver to see if those might of been files uploaded in the wrong folder durring a hack install. (draged and dropped in the wrong folder)
but as you can read is not good... :|
Gnubittol, what exactly is the question? And have you deleted those files yet?
the question is:
Is a bug of PHP or a bug of VBGallery?
These files was REMOVED immediatly from the server and I changed the permissions on all "777" folders NOW vbGalery is READ ONLY ( no upload is available) .....
And this is still a problem, got exactly the same issue this evening.
Part of the installation manual says;
Now create a directory on your web server for PhotoPost. The directory needs to be accessible via the web. FTP PhotoPost's directories and files from your local machine to your server. The directory structure on your server should be as follows:
images (chmod 755)
uploads (chmod 777)
help (chmod 755)
data (chmod 777)
1 (chmod 777 - including subdirectories)
2 (chmod 777 - including subdirectories)
500 (chmod 777 - including subdirectories)
languages (chmod 755) (a
stylesheets (chmod 777)
templates (chmod 777)
forums (chmod 755)
So my questions now is, if i set data and uploads to 755 will i then not be able to upload anything in the photo gallery?
What can i do to prevent the photo gallery from being hacked?
I use PhotoPost 562
No answer from any support people or developers here?
Can PhotoPost work if the data, uploads, templates are not set to 777? I would like to have an answer, thanks.
Maybe no response because you're in the wrong forum category, this is for vbgallery.
|All times are GMT -5. The time now is 09:48 PM.|
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0