Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload

From: "underground stockholm" <underground-stockholm () operamail com>
Date: Sat, 27 Nov 2010 05:38:41 +0100
TITLE: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
PRODUCT: jQuery Lightweight Rich Text Editor (lwrte) Plugin
PRODUCT URL 1: http://code.google.com/p/lwrte/
PRODUCT URL 2: http://plugins.jquery.com/project/lwRTE
CHECKED VERSIONS: 1.2
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

BUG:

Input passed as file uploads to the uploader.php script is not verified before being used to store files in the 
"uploads" directory. This can be exploited to execute arbitrary PHP code by uploading PHP files.




-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com
Previous By Date Next
Previous By Thread Next

Current thread: