[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability
From: recklessb@xxxxxxxxxxxxxxxxxxxxx
Date: 18 Dec 2007 20:31:13 -0000

UU already provides a mechanism to detect file extensions client and server 
side. It is "YOUR" responsibility when you install this script to add file 
extensions that you may or may not want uploaded. Jeesh! 

$disallow_extensions = 
'/(sh|php|php3|php4|php5|py|shtml|phtml|cgi|pl|plx|htaccess|htpasswd)$/i';
$allow_extensions = '/(jpg|jpeg|gif|bmp)$/i';

Prev by Date: Google Toolbar Dialog Spoofing Vulnerability
Next by Date: [ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows
Previous by thread: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability
Next by thread: Apple OS X Software Update Remote Command Execution
Index(es):
- Date
- Thread