SlAiD
05-30-2006, 03:20 PM
URL: http://coppermine-gallery.net/forum/index.php?topic=31534.0
Apache can have this vulnerability:
When we write HTML code and save a file like test.php.rar, some Apache webservers can understand it as an HTML file.
This can be dangerous for Coppermine users.
To test if your server is secure, write a file like test.php.rar with this code:
<?php print 'Oops, my webserver is vulnerable'; ?>
Access it using your web-browser, and see if you can DOWNLOAD it (not see it).
If you cannot download it, see above:
Locate your httpd.conf, search for AddType and add the following after the other AddType lines, such as .gz:
AddType application/rar .rar
AddType application/x-compressed .rar
AddType application/x-rar .rar
AddType application/x-rar-compressed .rar
AddType application/x-rar-compressed; application/x-compressed .rar
AddType compressed/rar; application/x-rar-compressed .rar
Restart Apache, using '/etc/init.d/httpd restart' and it is done!
Thanks to Nick Zeljkovic from support for giving me this code. ;)
SL
PS: ... sorry for my poor English
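An added example, not part of the original post: a small audit that reads AddType lines and lists uploaded file names that would still resolve to the PHP type, so the effect of the .rar fix can be checked before and after. It goes slightly beyond the post by also checking extensions other than .rar. Assumptions: PHP is enabled with `AddType application/x-httpd-php .php` (AddHandler setups are not modelled), the lookup is a simplified model of Apache 2.x mod_mime, and the config text and file names are constructed samples.

```python
PHP_TYPE = "application/x-httpd-php"  # assumption: PHP is wired up via AddType


def parse_addtype(conf_text):
    """Return {extension: media_type} from AddType lines; later lines win."""
    mapping = {}
    for raw in conf_text.splitlines():
        parts = raw.split()
        # Commented lines start with '#', so parts[0] never equals 'addtype'.
        if len(parts) < 3 or parts[0].lower() != "addtype":
            continue
        for ext in parts[2:]:
            mapping[ext.lstrip(".").lower()] = parts[1].lower()
    return mapping


def effective_type(filename, mapping):
    """Simplified mod_mime model: every dot-separated extension is looked up,
    unmapped ones are skipped, and the rightmost mapped one sets the type."""
    ctype = None
    for ext in filename.lower().split(".")[1:]:
        ctype = mapping.get(ext, ctype)
    return ctype


def audit(filenames, conf_text):
    """List names that do not end in .php but still resolve to the PHP type."""
    mapping = parse_addtype(conf_text)
    return [f for f in filenames
            if not f.lower().endswith(".php")
            and effective_type(f, mapping) == PHP_TYPE]


# Constructed sample config: before and after adding a .rar mapping.
BEFORE = """
AddType application/x-httpd-php .php
AddType application/x-gzip .gz .tgz
#AddType application/x-rar-compressed .rar
"""
AFTER = BEFORE + "AddType application/x-rar-compressed .rar\n"

# Constructed sample listing of an upload directory.
UPLOADS = ["holiday.jpg", "test.php.rar", "backup.tar.gz",
           "notes.php.xyz", "index.php"]

if __name__ == "__main__":
    print("before fix:", audit(UPLOADS, BEFORE))
    print("after fix: ", audit(UPLOADS, AFTER))
```

In this model the .rar mapping clears test.php.rar, while a name whose last extension has no AddType entry is still reported, so the upload directory is worth auditing for any `.php.` name, not only `.php.rar`.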