[VIM] possibly true: Olate Download 3.4.2 userupload.php / upload
Steven M. Christey
coley at mitre.org
Sat Sep 8 01:46:14 UTC 2007
Researcher: imei Addmimistrator, who's usually accurate
The researcher's http://myimei.com site is generating a server error
There's a dispute here:
Olate 3.4.2 checks the extension of the uploaded file and by default you
can't upload anything.
Then there's a code extract:
$ext = strrchr($_FILES['uploadfile']['name'], '.');
BUT... it seems to me like the code extract could be vulnerable with a
double-extension like "abc.php.gif" on Apache or other servers that
would process this as a PHP program.
I don't have the time to investigate this more closely, however.
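
The following is an added example, not part of the original post and not Olate Download's code. It shows what the quoted strrchr() call returns for a double-extension name and compares a last-extension check with a stricter filename check. The allow-list, function names and sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example: names, allow-list and sample filenames are constructed.

// The check as quoted in the post: only the text after the LAST dot is examined.
function last_extension(string $name): string
{
    $ext = strrchr($name, '.');
    return $ext === false ? '' : strtolower($ext);
}

// Stricter check: exactly one extension, taken from the allow-list, and a
// base name restricted to a conservative character set.
function is_safe_upload_name(string $name, array $allowed): bool
{
    $parts = explode('.', basename($name));
    if (count($parts) !== 2) {
        return false; // no extension, or more than one (abc.php.gif)
    }
    [$base, $ext] = $parts;
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $base)) {
        return false; // also rejects an empty base such as ".htaccess"
    }
    return in_array('.' . strtolower($ext), $allowed, true);
}

// Name used on disk: random, carrying only the already vetted extension.
// Call this only after is_safe_upload_name() has returned true.
function storage_name(string $name): string
{
    return bin2hex(random_bytes(16)) . last_extension($name);
}

$allowed = ['.gif', '.jpg', '.png', '.zip'];   // assumed allow-list
$samples = ['photo.gif', 'abc.php.gif', 'archive.tar.gz', '.htaccess', 'notes'];

foreach ($samples as $name) {
    $lastOnly = in_array(last_extension($name), $allowed, true);
    $strict   = is_safe_upload_name($name, $allowed);
    printf(
        "%-16s last-ext=%-10s last-ext-check=%-6s strict=%s\n",
        $name,
        last_extension($name) ?: '(none)',
        $lastOnly ? 'accept' : 'reject',
        $strict ? 'accept' : 'reject'
    );
}
```

For "abc.php.gif" the last-extension check sees ".gif" and accepts, while the stricter check rejects the name because it contains more than one extension. Storing uploads outside the web root, or in a directory where the server does not execute scripts, removes the dependency on how the server maps extensions to handlers.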