Hello...
I am an IT security expert for the Emirates National Oil Company. Google is my favourite search engine by far.
Now I just read the report about the unrestricted upload issue and I think that the author is right that it is a security problem. This is a vulnerability because file name extension verification's not been used properly. The problem here has also been with the returned MIME type returned from the API
$_FILES['uploadedfile']['type']” holds the value of the MIME type. Tampering the HTTP Post request can exploit the functionality.
An attacker can bypass this protection by changing the MIME type of the shell.php to “image/gif”. So when an application checks the MIME type, it seems like a gif file. The application will then upload the malicious code shell.php. That is something that definitely needs to be fixed, if it hasn't already.
Definetely a security problem.
Are you a Techie? Get Your Free Tech Email Address Now! Visit http://www.TechEmail.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
