Date: Tue, 20 Nov 2018 17:08:59 -0500 From: "Larry W. Cashdollar" <larry0@...com> To: Open Security <oss-security@...ts.openwall.com> Subject: Arbitrary File Upload File Upload Vulnerability in php-traditional-server v1.2.2 Title: Arbitrary File Upload File Upload Vulnerability in php-traditional-server v1.2.2 Author: Larry W. Cashdollar, @_larry0 Date: 2018-11-15 CVE-ID:[CVE-2018-9209] CWE: CWE-434 Arbitrary File Upload Download Site: N/A Vendor: FineUploader Vendor Notified: 2018-11-15, software discontinued. Advisory: http://www.vapidlabs.com/advisory.php?v=208 Description: PHP-based server-side example for handling traditional endpoint requests from Fine Uploader Vulnerability: The code in endpoint.php allows file uploads and doesn't check if the users authenticated or the file type. This allows for executable files to be uploaded and therefore remote code execution. Lines 37-38 from endpoint.php: 37: // Specify the list of valid extensions, ex. array("jpeg", "xml", "bmp") 38: $uploader->allowedExtensions = array(); // all files types allowed by default Exploit Code: https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9209
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.