[VIM] possibly true: Olate Download 3.4.2 userupload.php / upload
Steven M. Christey
coley at mitre.org
Sat Sep 8 01:46:14 UTC 2007
Researcher: imei Addmimistrator, who's usually accurate
http://www.securityfocus.com/archive/1/478359/100/0/threaded
The researcher's http://myimei.com site is generating a server error
currently.
There's a dispute here:

  http://www.securityfocus.com/archive/1/478640/100/0/threaded

that claims:

  Olate 3.4.2 check the extension of uploaded file and by default you
  can't upload anything.

then there's a code extract:

  if (isset($_FILES['uploadfile']))
  {
  $ext = strrchr($_FILES['uploadfile']['name'], '.')

BUT... it seems to me like the code extract could be vulnerable with a
double-extension like "abc.php.gif" on Apache or other servers that
would process this as a PHP program.
I don't have the time to investigate this more closely, however.
- Steve
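
The double-extension concern raised in the message above, as an added example that is not part of the original post and is not Olate Download's code: a last-dot check in the style of the quoted extract beside a stricter check that rejects "abc.php.gif". The allowlist, function names and sample file names are assumptions made for illustration.

```php
<?php
// Added example, not Olate Download code. ALLOWED_EXT and all function
// names are hypothetical.
const ALLOWED_EXT = ['gif', 'jpg', 'png', 'zip'];   // assumed allowlist

// Check in the style of the extract: only the text after the LAST dot is examined.
function last_extension_ok(string $name): bool
{
    $ext = strrchr($name, '.');          // ".gif" for "abc.php.gif"; false if no dot
    return $ext !== false
        && in_array(strtolower(substr($ext, 1)), ALLOWED_EXT, true);
}

// Stricter check: every dot-separated segment after the base name must be
// allowlisted, so "abc.php.gif" fails on its "php" segment.
function all_extensions_ok(string $name): bool
{
    $parts = explode('.', basename($name));
    array_shift($parts);                 // drop the base name
    if ($parts === []) {
        return false;                    // no extension at all
    }
    foreach ($parts as $segment) {
        if (!in_array(strtolower($segment), ALLOWED_EXT, true)) {
            return false;
        }
    }
    return true;
}

// The stored name is chosen by the server: random base plus the one validated
// extension, so the client-supplied name never reaches the filesystem.
function stored_name(string $name): ?string
{
    if (!all_extensions_ok($name)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . strtolower(strrchr($name, '.'));
}

// Constructed sample names.
foreach (['photo.gif', 'abc.php.gif', 'archive.tar.zip', 'noext', '.htaccess'] as $n) {
    printf("%-16s last-ext:%-5s all-ext:%-5s stored:%s\n", $n,
        var_export(last_extension_ok($n), true),
        var_export(all_extensions_ok($n), true),
        stored_name($n) ?? '(rejected)');
}
```

Only "photo.gif" passes both checks; "abc.php.gif" passes the last-dot check and is rejected by the per-segment check.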