[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
From: "underground stockholm" <underground-stockholm@xxxxxxxxxxxxx>
Date: Sat, 27 Nov 2010 05:38:41 +0100

TITLE: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php 
Arbitrary File Upload
PRODUCT: jQuery Lightweight Rich Text Editor (lwrte) Plugin
PRODUCT URL 1: http://code.google.com/p/lwrte/
PRODUCT URL 2: http://plugins.jquery.com/project/lwRTE
CHECKED VERSIONS: 1.2
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

BUG:

Input passed as file uploads to the uploader.php script is not verified before 
being used to store files in the "uploads" directory. This can be exploited to 
execute arbitrary PHP code by uploading PHP files.




-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Prev by Date: Google Desktop Insecure Library Loading Vulnerability
Next by Date: SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X
Previous by thread: Google Desktop Insecure Library Loading Vulnerability
Next by thread: SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X
Index(es):
- Date
- Thread