upload php vulnerability for $_FILES['userfile']['name'] can contain

string "../" if the name start with a "." with a fake raw http :

Content-Disposition: form-data; name="userfile";

filename="../../../test.html"

http://slythers.tcpteam.org/uploadphpvuln.txt

http://bugs.php.net/bug.php?id=28456

[ reply ]