BugTraq
EzUpload multi file vulnerabilities Jul 26 2006 07:15AM
hack2prison yahoo com
I don't know anyone report this but I have detected this when test EzUpload Pro 2.2.0

Attacker can re-config EzUpload system without login.

File: filter.php --> change Extensions Mode file type.

File: access.php --> change Protection Method accept anyone upload file

File: edituser.php --> Add user who can upload

File: settings.php --> Change admin informations

File: index.php --> Upload file without login even system require login

Check it and fun

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus