oss-sec mailing list archives
Re: Insecure file upload in Berta CMS
From: Simon Waters <simon.waters () surevine com>
Date: Mon, 30 Mar 2015 12:35:43 +0100
On 28 Mar 2015, at 05:47, cve-assign () mitre org wrote:

> http://seclists.org/fulldisclosure/2015/Mar/155
>
> We found that the file upload didn't require authentication....
>
> Use CVE-2015-2780 for this "didn't require authentication" issue.
Thanks
> The ability to bypass image validation by using certain .php files that begin with a "GIF89" substring might be considered a bug, but is perhaps not a security bug.
Your analysis is similar to mine, and private correspondence with the developer. I've added a comment to PHP docs for getimagesize to remind folks it doesn't validate images; I don't think this is a bug. It might be a useful feature for PHP to have a simple file upload validation (ImageMagick has one), but there is no guarantee that valid files won't be misinterpreted as malicious if you can get them interpreted in an inappropriate context.
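An added example, not part of the original message and not Berta CMS code: it contrasts a header-only getimagesize() check with an upload handler that allow-lists the type, decodes the whole file and re-encodes it under a server-chosen name. The function names, the constructed sample file and the use of the GD extension are assumptions.

```php
<?php
// Added example (not Berta CMS code); function names and paths are hypothetical.

// Header-only check: getimagesize() reads the signature and dimension fields
// and nothing after them, so it says nothing about the rest of the file.
function header_says_image(string $path): bool
{
    return @getimagesize($path) !== false;
}

// Stricter handling: allow-list the type, decode the whole file with GD,
// re-encode the pixels, and store under a server-chosen name and extension.
function store_reencoded_image(string $tmpPath, string $destDir): ?string
{
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg'];
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        return null; // header looked fine, but the data does not decode
    }
    // The client-supplied filename is never used, so ".php" cannot survive.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    switch ($info[2]) {
        case IMAGETYPE_GIF:  $ok = imagegif($img, $dest);  break;
        case IMAGETYPE_PNG:  $ok = imagepng($img, $dest);  break;
        default:             $ok = imagejpeg($img, $dest, 90);
    }
    return $ok ? $dest : null;
}

// Constructed sample: a GIF signature and screen descriptor followed by plain
// text standing in for non-image content.
$sample = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($sample, 'GIF89a' . pack('v2', 1, 1) . "\x00\x00\x00" . str_repeat('not image data ', 4));

var_dump(header_says_image($sample));                          // header-only check
var_dump(store_reencoded_image($sample, sys_get_temp_dir()));  // full decode + re-encode
unlink($sample);
```

Re-encoding does not replace keeping uploads where the web server will not execute them, which is the "inappropriate context" point made in the message above.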