On Thu, 29 Jan 2009 09:15:46 EST, "Justin C. Klein Keane" said: > Two flaws exist in this module. The first flaw allows for an attacker > to upload arbitrary files to the filesystem. The vulnerability allows > attackers to upload arbitrary files in place of the 'Default image' > specified in the Imagefield specifications for a content type field. .... > Attackers must be authenticated with an account that has 'administer > content types' permissions. Umm.. what's the risk here? Does the flaw allow the attacker to upload files that wouldn't be permitted even as the authorized account? Seems if they can administer content types, they can drop pretty much whatever they want onto the server (possibly limited as to where in the tree though), and all this does is let them drop stuff outside said tree?
Attachment:
pgpNjA2Euu_LR.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/