BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
EzUpload multi file vulnerabilities
Jul 26 2006 07:15AM
hack2prison yahoo com
I don't know anyone report this but I have detected this when test EzUpload Pro 2.2.0
Attacker can re-config EzUpload system without login.
File: filter.php --> change Extensions Mode file type.
File: access.php --> change Protection Method accept anyone upload file
File: edituser.php --> Add us...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
Attacker can re-config EzUpload system without login.
File: filter.php --> change Extensions Mode file type.
File: access.php --> change Protection Method accept anyone upload file
File: edituser.php --> Add us...
[ more ]