Bugtraq mailing list archives
jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
From: "underground stockholm" <underground-stockholm () operamail com>
Date: Sat, 27 Nov 2010 05:38:41 +0100
TITLE: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
PRODUCT: jQuery Lightweight Rich Text Editor (lwrte) Plugin
PRODUCT URL 1: http://code.google.com/p/lwrte/
PRODUCT URL 2: http://plugins.jquery.com/project/lwRTE
CHECKED VERSIONS: 1.2
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

BUG:
Input passed as file uploads to the uploader.php script is not verified before being used to store files in the "uploads" directory. This can be exploited to execute arbitrary PHP code by uploading PHP files.
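For reference, the verification the advisory says is missing could look like the following upload handler. This is an added example, not code from lwrte or from the advisory; the field name `file`, the storage path, the size limit and the image-only allowlist are assumptions.

```php
<?php
// Added example (hypothetical handler, not lwrte's uploader.php).
// Assumed: form field "file", image-only uploads, storage directory outside the web root.
const UPLOAD_DIR = '/var/app-data/uploads'; // assumed path, not served by the web server
const MAX_BYTES  = 2 * 1024 * 1024;         // assumed size limit (2 MiB)

function store_upload(array $file): string
{
    // Detected MIME type => extension the server assigns.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

    // Rejects missing, failed and multi-file (array-valued) uploads.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('not a valid upload or too large');
    }

    // Decide the type from the file content; the client-supplied
    // name and Content-Type are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? ($allowed[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('file type not allowed');
    }

    // Server-generated name with a server-chosen extension, so an
    // uploaded "x.php" can never be stored under a .php name.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . '/' . $name, 0640); // no execute bit
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        echo store_upload($_FILES['file'] ?? []);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected';
    }
}
```

If the upload directory has to stay inside the web root, the web server should additionally be configured not to pass files in that directory to the PHP interpreter.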