[VIM] Any clues? MHG Security Team --- Gallery Upload Vulnerabilities

Steven M. Christey coley at mitre.org
Wed May 17 00:43:51 EDT 2006

# MHG Security Team --- Gallery Upload Vulnerabilities

Ummmmmmmm....  what?

1) some sources seem to have concluded that this is a file upload
   problem.  Did anybody do post-disclosure analysis to come to this
   conclusion, or was it a best guess based on the words that the
   researcher happened to use?

2) The researcher says "This Code Not Include..." and gives an example
   of what is apparently client-side Javascript that tries to enforce
   the type of document that will be uploaded.  But is the researcher
   saying that the products *DO* have this code, and are thus victims
   of file upload issues because the client-side javascript can be
   bypassed?  OR, has the researcher suggested that the vulns in these
   products are because the clients DON'T have code like this (thus
   the researcher is proposing a vulnerable solution)

   On a second glance, I think maybe by saying "This is Code Deleted
   Your Scripts And All File Upload victim hosts," maybe the
   researcher means: "if you delete this checking code from your [web
   pages], then you can do file uploads."  If so, then it would argue
   for the products all having this same code - or maybe this was just
   one example.

3) I don't see any immediate codebase relationships between some of
   these products (besides obviously the duXYZ products), but *if* the
   researcher is saying that the products all have this code, then
   there's obviously a codebase relationship somewhere...

So, to summarize:

  Ummmmmmmm....  what?

- Steve

More information about the VIM mailing list