[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Russcom PHPImages lack of validation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Russcom PHPImages lack of validation
From: zerogue@xxxxxxxxx
Date: 22 May 2006 19:10:39 -0000

Russcom PHPImages lack of validation

Discovered by: Nomenumbra
Date: 21/5/2006
impact:moderate 

Russcom's PHPImages doesn't validate if the uploaded
file is an image, it just checks for the extension, thus 
allowing an attacker to upload php scripts with a .gif extension
for example, potentially allowing him (trough file inclusion vulns for
example) to execute arbitrary code.

Nomenumbra

Prev by Date: QBv14 XSS
Next by Date: Russcom Ping Remote code execution
Previous by thread: QBv14 XSS
Next by thread: Russcom Ping Remote code execution
Index(es):
- Date
- Thread