Another hack attempt aimed at Mambo/coppermine combination

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Specifically, Mambo with the copperminevis component installed.
(copperminevis seems to be no longer supported). The attacking URL looks
like this: ?

So, the idea is, the second value of "place" gets picked up by the PHP code.

I've added this to Mambo's index.php to block this:

if ($_GET['option'] == "com_copperminevis" && substr($_GET['place'],0,7)
== "http://")
    header("Location: ");

Bob Broughton /
Vancouver, BC, Canada
"It should be legal for a private maternity ward to permit smoking."
- Chuck Wright, May 22, 2006

Site Timeline