[VIM] possibly true: Olate Download 3.4.2 userupload.php / upload

Steven M. Christey coley at mitre.org
Sat Sep 8 01:46:14 UTC 2007

Researcher: imei Addmimistrator, who's usually accurate


The researcher's http://myimei.com site is generating a server error

There's a dispute here:


that claims:

  Olate 3.4.2 check the extension of uploaded file and by default you
  can't upload anything.

then there's a code extract:

   if (isset($_FILES['uploadfile']))
     $ext = strrchr($_FILES['uploadfile']['name'], '.')

BUT... it seems to me like the code extract could be vulnerable with a
double-extension like "abc.php.gif" on Apache or other servers that
would process this as a PHP program.

I don't have the time to investigate this more closely, however.

- Steve

More information about the VIM mailing list