
Russcom PHPImages lack of validation

Discovered by: Nomenumbra
Date: 21/5/2006
Impact: moderate

Russcom's PHPImages does not validate that an uploaded
file is actually an image; it only checks the extension. This
allows an attacker to upload PHP scripts with a .gif extension,
for example, potentially allowing him (through file inclusion
vulnerabilities, for example) to execute arbitrary code.

Nomenumbra
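
The extension-only check described in the advisory, set beside a content-based check, as an added example (not PHPImages code and not from the advisory's author). The function names, the allowed-type list and the sample files are assumptions constructed for illustration:

```php
<?php
// Added example with hypothetical names; not PHPImages code.

// Weak check as the advisory describes it: trusts the client-supplied name only.
function extension_only_check(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true);
}

// Hardened check: inspect the bytes and ignore the client-supplied extension.
// Returns the extension to store the file under, or null to reject the upload.
function content_based_check(string $path): ?string
{
    $allowed = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;
    }
    // The file must also parse as an image of the same type with real dimensions.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime || $info[0] < 1 || $info[1] < 1) {
        return null;
    }
    return $allowed[$mime];
}

// Constructed sample inputs, written to temp files so the script runs offline.
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image'; ?>");

$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==')); // 1x1 GIF

// The script uploaded as "avatar.gif": the name passes, the content does not.
var_dump(extension_only_check('avatar.gif'));
var_dump(content_based_check($script));

// A real image is accepted and stored under a server-generated name,
// never the name the client sent.
$ext = content_based_check($gif);
if ($ext !== null) {
    echo bin2hex(random_bytes(16)) . '.' . $ext, "\n";
}

unlink($script);
unlink($gif);
```

A content check narrows what is accepted, but a valid image can still carry arbitrary bytes, so uploads should also be stored where the server never executes or includes them.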