Computer Security

Security Advisory: Russcom PHPImages lack of validation
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA20165] FrontRange iHEAT Host System Access Vulnerability

  OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting

  Diesel Joke Site SQL INJECTION

  YLZH(right.
php)Cross Site Scripting

From:zerogue_(at)_gmail.com <zerogue_(at)_gmail.com>
Date:25.05.2006
Subject:Russcom PHPImages lack of validation

Russcom PHPImages lack of validation

Discovered by: Nomenumbra
Date: 21/5/2006
impact:moderate

Russcom's PHPImages doesn't validate if the uploaded
file is an image, it just checks for the extension, thus
allowing an attacker to upload php scripts with a .gif extension
for example, potentially allowing him (trough file inclusion vulns for
example) to execute arbitrary code.

Nomenumbra
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru