serendipity_uploadSecure bug
Posted: Sat Jan 01, 2005 2:32 pm
In serendipity_uploadSecure function, the preg_replace pattern should accept only alphanumeric, numbers, ".", "_" and "-" characters, without the "/" character beacause this can lead to a upload path traversion vulnerability in Windows.
Example:
Consider the following userfile name: "../malicious.php" this will upload the local file in the directory below of where the php script should normally copies it.
raperu2000 [at] yahoo
Example:
Consider the following userfile name: "../malicious.php" this will upload the local file in the directory below of where the php script should normally copies it.
raperu2000 [at] yahoo