PHP File Uploader Remote File Upload Vulnerability
BID:40159
Info
PHP File Uploader Remote File Upload Vulnerability
| Bugtraq ID: | 40159 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 03 2010 12:00AM |
| Updated: | Jan 03 2010 12:00AM |
| Credit: | indoushka |
| Vulnerable: |
PHP File Uploader PHP File Uploader 0 |
| Not Vulnerable: | |
Discussion
PHP File Uploader Remote File Upload Vulnerability
PHP File Uploader is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately limit the types of files that are uploaded.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks may also possible.
PHP File Uploader is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately limit the types of files that are uploaded.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks may also possible.
Exploit / POC
PHP File Uploader Remote File Upload Vulnerability
Attackers can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/PHPFileUploader/_uploads/ch99.php__2010-01-02_10.00am.php
Attackers can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/PHPFileUploader/_uploads/ch99.php__2010-01-02_10.00am.php
Solution / Fix
PHP File Uploader Remote File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
References
PHP File Uploader Remote File Upload Vulnerability
References:
References:
- PHP File Uploader Homepage (PHP File Uploader)