Russcom PHPImages lack of validation

Discovered by: Nomenumbra
Date: 21/5/2006
Impact: moderate

Russcom's PHPImages doesn't validate that the uploaded
file is actually an image; it only checks the extension. This
allows an attacker to upload PHP scripts with, for example, a .gif
extension, potentially allowing him (through file inclusion vulns, for
example) to execute arbitrary code.

Nomenumbra
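
The check the advisory finds missing, as an added example (not PHPImages code and not the author's): the upload is accepted only if its bytes decode as an image, and it is re-encoded under a server-chosen name. The function name store_image() and the temp-directory destination are assumptions made for the demo.

```php
<?php
// Added example, not PHPImages code. store_image() is a hypothetical name.
// Requires the gd extension and PHP 7.1 or later.

const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

// Returns the stored path, or null when the file is rejected.
function store_image(string $tmpPath, string $destDir): ?string
{
    // Ignore the client-supplied name and MIME type; look at the bytes.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return null;
    }
    // A matching header is not enough: decode the whole file with GD and
    // write a fresh copy, so only pixel data reaches the destination.
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        return null;
    }
    // Server-generated name; the extension comes from the detected type.
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
    switch ($info[2]) {
        case IMAGETYPE_GIF:  $ok = imagegif($img, $dest); break;
        case IMAGETYPE_JPEG: $ok = imagejpeg($img, $dest, 90); break;
        default:             $ok = imagepng($img, $dest);
    }
    return $ok ? $dest : null;
}

// Constructed inputs: a 1x1 GIF and a text file a client would name "x.gif".
$dir  = sys_get_temp_dir();
$real = tempnam($dir, 'up');
file_put_contents($real, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$fake = tempnam($dir, 'up');
file_put_contents($fake, "text content, not image data\n");

foreach (['real' => $real, 'fake' => $fake] as $label => $path) {
    echo $label, ': ', store_image($path, $dir) === null ? 'rejected' : 'stored', "\n";
}
```

In a real upload handler, pass $_FILES[...]['tmp_name'] after is_uploaded_file() confirms it, and keep the destination directory outside any path the application includes or the web server executes as PHP.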