[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Lynne Pope
lynne.pope at gmail.com
Wed Nov 11 20:53:34 UTC 2009
2009/11/12 Matt Martz <matt at sivel.net>
> > Couldn't you just block anything with *.php.* from being uploaded thru
> > wordpress?
>
> Ryan has opened a ticket for this and has already attached a patch.
>
> http://core.trac.wordpress.org/ticket/11122
>
Cool :-)

I just learned that Multiviews are enabled by default and that this is the
config for WHM/cPanel servers. Which means a whole heap of WordPress users
will have this without knowing that this kind of content negotiation can
result in security vulnerabilities.

Re - the patch, I have a question I want to make here (because it could be
completely off the wall)...

Wouldn't getimagesize($imgfile); do a check to ensure the file has width and
height, which an image has but a script file does not? Or can that be
fudged?

I am not yet in the PHP expert league, as some of you are, so thought I'd
ask here rather than clutter up the trac ;)

Cheers,
Lynne
--
http://twitter.com/elpie/
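
A file-name check for the *.php.* case discussed in this thread, as an added example that is not part of the original message, WordPress core, or the patch on the ticket. It inspects only the name, which a content check such as getimagesize() never looks at; the function name and both extension lists are assumptions.

```php
<?php
// Added example; not WordPress core code and not the patch on the ticket.
// The function name and both extension lists are assumptions for illustration.

const ALLOWED_FINAL_EXT = ['jpg', 'jpeg', 'png', 'gif'];
const HANDLER_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'pl', 'py', 'cgi'];

/**
 * Decide whether an uploaded file name is safe to store under a web root
 * where the server may act on any dot-separated segment of the name,
 * not only the last one.
 */
function upload_name_is_safe(string $filename): bool
{
    // Reject NUL bytes and strip any client-supplied directory part.
    if (strpos($filename, "\0") !== false) {
        return false;
    }
    $name = basename(str_replace('\\', '/', $filename));

    // "photo.php.jpg" -> ['photo', 'php', 'jpg']; drop the base name.
    $segments = explode('.', strtolower($name));
    array_shift($segments);
    if ($segments === []) {
        return false; // no extension at all
    }

    // The last segment must be an allowed image type ...
    if (!in_array(end($segments), ALLOWED_FINAL_EXT, true)) {
        return false;
    }
    // ... and no segment anywhere may be one the server maps to a handler.
    foreach ($segments as $segment) {
        if (in_array($segment, HANDLER_EXT, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names.
foreach (['photo.jpg', 'holiday.2009.png', 'photo.php.jpg', 'photo.PHP.jpg',
          'photo.jpg.php', 'photo.jpg.', '.htaccess'] as $sample) {
    printf("%-18s %s\n", $sample, upload_name_is_safe($sample) ? 'accept' : 'reject');
}
```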