Hosting Provided By

Re: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files

From: lcat <lcat(at)email.dp.ua>
Date: Wed Sep 05 2007 - 10:34:15 EDT

Unfortunately user can upload files by default. Olate 3.4.2 check the extension of uploaded file and by default you can't upload anything. Admin have to indicate which extensions are allowed for uploading.
Here is code:
if ($site_config['enable_useruploads'] == 1) {

	// Upload file
	if (isset($_FILES['uploadfile']))
	{		
		$ext = strrchr($_FILES['uploadfile']['name'], '.');
		$allowed_ext = explode(',', $site_config['uploads_allowed_ext']);
			
		if (in_array($ext, $allowed_ext))
		{

Good Luck.

On Friday 31 August 2007, imei Addmimistrator wrote:
> VISIT ORIGINAL ADVISORY FOR MORE DETAILS
> http://myimei.com/security/2007-09-01/olate-download-342-useruploadphp-uplo
>ad-executable-files.html VISIT ORIGINAL ADVISORY FOR MORE DETAILS/
> â€”â€”-Summaryâ€”â€”
> Software: Olate Download
> Sowtware's Web Site: http://www.olate.co.uk/
> Versions: 3.4.2
> Class: Remote
> Status: Unpatched
> Exploit: Available
> Solution: Not Available
> Discovered by: imei Addmimistrator
> Risk Level: High
>
> VISIT ORIGINAL ADVISORY FOR MORE DETAILS
>
> http://myimei.com/security/2007-09-01/olate-download-342-useruploadphp-uplo
>ad-executable-files.html VISIT ORIGINAL ADVISORY FOR MORE DETAILS/
Received on Wed Sep 5 17:22:27 2007

This message: [ Message body ]
Next message: Tom Yu: "updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer"
Previous message: rPath Update Announcements: "rPSA-2007-0177-1 kdebase kdelibs"
In reply to: imei Addmimistrator: "Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:14:38 EDT