[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Jacob Santos
wordpress at santosj.name
Thu Nov 12 16:18:06 UTC 2009
Okay, good news, we've fixed the extension exploit and then will have to
wait another 6 to 8 months while another XSS attack shows up about
people adding images executing JavaScript on their servers (which isn't
completely bad since most / all administrative tasks require a nonce).
However, if we are all on top of security exploits, this is an extremely
simple one to fix and one that is used often to execute JS. However, the
correct fix would be to check all images against the function and that
might be prohibitive. At least for ones that are uploaded.
Jacob Santos
>> Wouldn't getimagesize($imgfile); do a check to ensure the file has width and
>> height, which an image has but a script file does not? Or can that be
>> fudged?
>
> That might work for images, but what about audio and other types of
> valid content?
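
An added example, not part of the original message and not WordPress code: one way to combine the getimagesize() check discussed above with a stored filename whose extension comes from the detected image type rather than from the client-supplied name. The function name `safe_image_name`, the type allowlist and the sample inputs are assumptions made for illustration, and it covers images only, not the audio and other content types raised in the quoted reply.

```php
<?php
// Added example (not WordPress code). Allowlist of image types is an assumption.
const ALLOWED_TYPES = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];

/**
 * Returns a server-side filename for an uploaded image, or null to reject it.
 * $tmpPath is the temporary path of the upload (supplied by a hypothetical caller).
 */
function safe_image_name(string $tmpPath): ?string
{
    // getimagesize() parses the image header only; it does not inspect the
    // bytes that follow, so it is one check among several, not the whole fix.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        return null;                      // no recognisable width/height
    }
    if (!in_array($info[2], ALLOWED_TYPES, true)) {
        return null;                      // image type not on the allowlist
    }
    // Extension derived from the detected type, e.g. ".gif".
    $ext = image_type_to_extension($info[2], true);
    // Random stored name: the client's filename, including any extra
    // extensions in it, never reaches the filesystem.
    return bin2hex(random_bytes(16)) . $ext;
}

// Constructed sample inputs: a minimal 1x1 GIF header and a text file.
$samples = [
    'gif header' => "GIF89a\x01\x00\x01\x00\x80\x00\x00",
    'plain text' => "this is not an image\n",
];

foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $name = safe_image_name($tmp);
    echo $label, ': ', $name === null ? 'rejected' : "store as $name", "\n";
    unlink($tmp);
}
```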