Bugtraq mailing list archives

Re: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files

From: lcat <lcat () email dp ua>
Date: Wed, 5 Sep 2007 07:34:15 -0700

Unfortunately user can upload files by default.
Olate 3.4.2 check the extension of uploaded file and by default you can't 
upload anything. Admin have to indicate which extensions are allowed for 
uploading.
Here is code:
if ($site_config['enable_useruploads'] == 1)
{
        // Upload file
        if (isset($_FILES['uploadfile']))
        {               
                $ext = strrchr($_FILES['uploadfile']['name'], '.');
                $allowed_ext = explode(',', $site_config['uploads_allowed_ext']);
                        
                if (in_array($ext, $allowed_ext))
                {

Good Luck.

On Friday 31 August 2007, imei Addmimistrator wrote:

VISIT ORIGINAL ADVISORY FOR MORE DETAILS
http://myimei.com/security/2007-09-01/olate-download-342-useruploadphp-uplo
ad-executable-files.html VISIT ORIGINAL ADVISORY FOR MORE DETAILS/
——-Summary——
 Software: Olate Download
 Sowtware's Web Site: http://www.olate.co.uk/
 Versions: 3.4.2
 Class: Remote
 Status: Unpatched
 Exploit: Available
 Solution: Not Available
 Discovered by: imei Addmimistrator
 Risk Level: High

VISIT ORIGINAL ADVISORY FOR MORE DETAILS

http://myimei.com/security/2007-09-01/olate-download-342-useruploadphp-uplo
ad-executable-files.html VISIT ORIGINAL ADVISORY FOR MORE DETAILS/

Current thread:

Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files imei Addmimistrator (Sep 01)
- Re: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files lcat (Sep 05)