BugTraq
Back to list
|
Post reply
Russcom PHPImages lack of validation
May 22 2006 07:10PM
zerogue gmail com
Russcom PHPImages lack of validation
Discovered by: Nomenumbra
Date: 21/5/2006
impact:moderate
Russcom's PHPImages doesn't validate if the uploaded
file is an image, it just checks for the extension, thus
allowing an attacker to upload php scripts with a .gif extension
for example, potentially allowing him (trough file inclusion vulns for
example) to execute arbitrary code.
Nomenumbra
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Discovered by: Nomenumbra
Date: 21/5/2006
impact:moderate
Russcom's PHPImages doesn't validate if the uploaded
file is an image, it just checks for the extension, thus
allowing an attacker to upload php scripts with a .gif extension
for example, potentially allowing him (trough file inclusion vulns for
example) to execute arbitrary code.
Nomenumbra
[ reply ]