File upload vulnerability

  • Resolved flutewon

    (@flutewon)


    10 years, 10 months ago

    I think your application is useful and good but the plugin can be uploaded through the shell file of the changed file extension like this “c99shell.php” -> “c99shell.php.jpg” the jpg file is loaded php file. I think you should add some code for filtering.

    I can’t speak English well . So I’m afraid you will not understand well. If you need more information please ask me more questions. thank you.

    https://ww.wp.xz.cn/plugins/work-the-flow-file-upload/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author lynton_reed

    (@lynton_reed)

    10 years, 10 months ago

    This was an issue in early versions but Protections were put in place to prevent this.

    Php renamed as jpg can be uploaded but cannot be executed.

    If you have between able to subvert this please explain further, but I don’t believe this is possible.

    Thread Starter flutewon

    (@flutewon)

    10 years, 10 months ago

    Do not speak English well enough to explain it.

    Please let me know your e-mail address. I’ll send you captures.

    not php Rename
    /var/www/html/wordpress/wp-content/uploads/1/wtf-fu_files/default/c99shell.php.jpg -> php not Rename

    Or It was not yet fixed.
    See you try c99shell.php.jpg.

    Plugin Author lynton_reed

    (@lynton_reed)

    10 years, 10 months ago

    Claims of vulnerabilities are extremely damaging to this plugin.

    A lot of work was done to prevent potential exploits, including the one you describe.

    You have raised this publicly so please also substantiate your claim publicly in this thread so other people can make an informed assessment.

    If you have a genuine issue and can detail steps to reproduce it, I will most certainly investigate it.

    Plugin Author lynton_reed

    (@lynton_reed)

    10 years, 10 months ago

    Thread Starter flutewon

    (@flutewon)

    10 years, 10 months ago

    Capture files sent to your email.

    Plugin Author lynton_reed

    (@lynton_reed)

    10 years, 10 months ago

    Nothing further supplied to support this claim. Resolving.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘File upload vulnerability’ is closed to new replies.