Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability Dec 18 2007 08:31PM
recklessb users sourceforge net
UU already provides a mechanism to detect file extensions client and server side. It is "YOUR" responsibility when you install this script to add file extensions that you may or may not want uploaded. Jeesh!

$disallow_extensions = '/(sh|php|php3|php4|php5|py|shtml|phtml|cgi|pl|plx|htaccess|htpasswd)$/i

$allow_extensions = '/(jpg|jpeg|gif|bmp)$/i';

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus