[VIM] possibly true: Olate Download 3.4.2 userupload.php / upload

Steven M. Christey coley at mitre.org
Sat Sep 8 01:46:14 UTC 2007


Researcher: imei Addmimistrator, who's usually accurate

http://www.securityfocus.com/archive/1/478359/100/0/threaded


The researcher's http://myimei.com site is generating a server error
currently.

There's a dispute here:

  http://www.securityfocus.com/archive/1/478640/100/0/threaded

that claims:

  Olate 3.4.2 check the extension of uploaded file and by default you
  can't upload anything.


then there's a code extract:

   if (isset($_FILES['uploadfile']))
   {
     $ext = strrchr($_FILES['uploadfile']['name'], '.')

BUT... it seems to me like the code extract could be vulnerable with a
double-extension like "abc.php.gif" on Apache or other servers that
would process this as a PHP program.

I don't have the time to investigate this more closely, however.

- Steve
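
The gap raised in the message above, as an added example (not Olate Download's code and not part of the original post): a check that looks only at the text after the last dot accepts "abc.php.gif", while a single-dot allow-list rejects it. The allow-list, function names and sample file names are assumptions made for illustration.

```php
<?php
// Added example; not Olate Download code. ALLOWED_EXT and all names are assumptions.
const ALLOWED_EXT = ['gif', 'jpg', 'png', 'zip'];

// Pattern from the quoted extract: only the text after the LAST dot is examined.
function last_ext_only(string $name): bool
{
    $ext = strrchr($name, '.');            // false when the name has no dot
    return $ext !== false
        && in_array(strtolower(substr($ext, 1)), ALLOWED_EXT, true);
}

// Stricter check: exactly one dot, a plain base name, an allowed extension.
// Names with path separators, extra dots or control characters fail the regex.
// Trade-off: legitimate multi-dot names such as "archive.tar.zip" are refused too.
function strict_check(string $name): bool
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})\z/', $name, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWED_EXT, true);
}

// Store under a server-generated name so the client-supplied name never
// reaches the filesystem; only the already-validated extension is kept.
function stored_name(string $name): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
foreach (['photo.gif', 'abc.php.gif', 'archive.tar.zip', 'noext', 'x.php'] as $n) {
    printf("%-16s last-ext=%-5s strict=%s\n", $n,
        var_export(last_ext_only($n), true),
        var_export(strict_check($n), true));
}
```

Serving the upload directory with script handlers disabled is a separate control that still applies when a name check is bypassed.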

