[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Jacob Santos wordpress at santosj.name
Thu Nov 12 16:18:06 UTC 2009


Okay, good news, we've fixed the extension exploit and then will have to 
wait another 6 to 8 months while another XSS attack shows up about 
people adding images executing JavaScript on their servers (which isn't 
completely bad since most / all administrative tasks require a nonce).

However, if we are all on top of security exploits, this is an extremely 
simple one to fix and one that is used often to execute JS. However, the 
correct fix would be to check all images against the function and that 
might be prohibitive. At least for ones that are uploaded.

Jacob Santos

>> Wouldn't getimagesize($imgfile); do a check to ensure the file has width and
>> height, which an image has but a script file does not? Or can that be
>> fudged?
> That might work for images, but what about audio and other types of
> valid content?
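
Added example, not part of the original message and not WordPress code: one way to layer the getimagesize() check discussed above with a content-type check that also covers audio and other non-image uploads. The validate_upload() helper, the ALLOWED list and the single-extension policy are assumptions of this sketch, and it assumes PHP 7.1+ with the fileinfo extension enabled.

```php
<?php
// Added example, not WordPress code. validate_upload() and ALLOWED are hypothetical.
const ALLOWED = [               // final extension => accepted sniffed MIME types
    'jpg' => ['image/jpeg'],
    'png' => ['image/png'],
    'gif' => ['image/gif'],
    'mp3' => ['audio/mpeg'],
];

function validate_upload(string $path, string $clientName): array
{
    // Policy assumed here: exactly one extension, and it must be allowlisted.
    $parts = explode('.', basename($clientName));
    if (count($parts) !== 2 || $parts[0] === '') {
        return [false, 'name must have exactly one extension'];
    }
    $ext = strtolower($parts[1]);
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, "extension .$ext is not allowed"];
    }
    // Sniff the content; unlike getimagesize() this also covers audio etc.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return [false, "content is $mime, which does not match .$ext"];
    }
    // Images only: require a header with real dimensions. getimagesize()
    // reads just the header, so this is one layer, not proof of a clean file.
    if (strpos($mime, 'image/') === 0) {
        $info = @getimagesize($path);
        if ($info === false || $info[0] < 1 || $info[1] < 1) {
            return [false, 'no valid image dimensions'];
        }
    }
    return [true, $mime];
}

// Constructed samples: a 1x1 GIF and a plain-text file, written to temp files.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "just some text, not an image\n");

foreach ([[$gif, 'pixel.gif'], [$txt, 'notes.gif'], [$gif, 'pixel.txt.gif']] as [$p, $n]) {
    [$ok, $why] = validate_upload($p, $n);
    printf("%-14s %s (%s)\n", $n, $ok ? 'accept' : 'reject', $why);
}
unlink($gif);
unlink($txt);
```

Because getimagesize() inspects only the header, a passing result says nothing about the rest of the file; storing uploads where the web server will not execute them remains a separate control.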


