Bugtraq mailing list archives
AW: phpWebSite-0.10.0_exploit
From: webmaster () clueless-design de
Date: Fri, 25 Feb 2005 13:52:41 +0100
Actually, this bug seems to have been fixed a long time ago by adding the following code to EZform.php

----
if (is_null($allowedImages) || !is_array($allowedImages)) {
    include(PHPWS_SOURCE_DIR.'conf/allowedImageTypes.php');
    $allowedImages = $allowedImageTypes;
}
$fileTypes = implode(", ", $allowedImages);
if (!in_array($_FILES[$postVar]["type"], $allowedImages)){
    $error = new PHPWS_Error("EZform", "saveImage", "Submitted image must be $fileTypes file.");
    return $error;
}
----

code of the allowedImageTypes.php

----
<?php
/* Image types which are allowed to be uploaded via phpwebsite modules */
/* Added 12/03/2003 (might not be implemented in all modules yet */
$allowedImageTypes = array("image/jpeg", "image/jpg", "image/pjpeg", "image/png",
                           "image/x-png", "image/gif", "image/wbmp");
?>
----

--- Original Message ---
Date: 24.02.2005 23:16
From: tjomka <tjomka () navigator lv>
To: bugtraq () securityfocus com
Subject: phpWebSite-0.10.0_exploit
phpWebSite-0.10.0_exploit
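
Added example, not part of the original message and not phpWebSite code: the check quoted above compares $_FILES[$postVar]["type"], a value taken from the client's request, so a hardened variant decides from the uploaded file's content instead. The function name, the constant and the sample inputs are hypothetical, and the type list is a subset of the allowedImageTypes.php list.

```php
<?php
// Added example (hypothetical names); requires the fileinfo and GD/image functions.
// Server-detected MIME type => extension the file will be stored under.
const SAFE_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Return the extension to store the upload under, or null to reject it.
 * The decision uses only the bytes on disk, never the client-supplied
 * "type" or "name" fields of $_FILES.
 */
function checked_image_extension(string $tmpPath): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(SAFE_IMAGE_TYPES[$mime])) {
        return null;
    }
    // Second opinion: the image header parser must report the same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return SAFE_IMAGE_TYPES[$mime];
}

// Constructed sample inputs: a 1x1 GIF, and a text file standing in for
// an upload whose request header merely claims "image/gif".
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

var_dump(checked_image_extension($gif)); // accepted: extension for a GIF
var_dump(checked_image_extension($txt)); // rejected regardless of claimed type
unlink($gif);
unlink($txt);
```

In an upload handler the argument would be $_FILES[$postVar]['tmp_name'], and the accepted file would be stored with move_uploaded_file() under a server-generated name that uses the returned extension.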