Everyone, please disable the UpLoad plugin or apply the attached patch for an
important security fix.
Somebody is actually breaking into some wiki servers by uploading files
like "deface.php.3", which Apache interestingly treats as PHP.
- if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")\$/",
+ if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/",
With this fix the result is:
"ERROR uploading 'passdecrypt.php.3':
Files with extension ad[ep], asd, ba[st], chm, cmd, com, cgi, cpl, crt,
dll, eml, exe, hlp, hta, in[fs], isp, jse?, lnk, md[betw], ms[cipt],
nws, ocx, ops, pcd, p[ir]f, php, pl, py, reg, sc[frt], sh[bsm]?, swf,
url, vb[esx]?, vxd, ws[cfh] are not allowed."
See
https://sourceforge.net/forum/message.php?msg_id=4249177 and thanks
to hhallikainen for reporting this after going through the pain of
having a hacker abuse this.
Index: UpLoad.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/UpLoad.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- UpLoad.php 17 Feb 2007 14:16:56 -0000 1.22
+++ UpLoad.php 8 Apr 2007 12:43:45 -0000 1.23
@@ -1,5 +1,5 @@
<?php // -*-php-*-
-rcs_id('$Id: UpLoad.php,v 1.22 2007/02/17 14:16:56 rurban Exp $');
+rcs_id('$Id: UpLoad.php,v 1.23 2007/04/08 12:43:45 rurban Exp $');
/*
Copyright 2003,2004,2007 $ThePhpWikiProgrammingTeam
@@ -144,7 +144,7 @@
$u_userfile = preg_replace("/ /", "%20", $u_userfile);
$userfile_tmpname = $userfile->getTmpName();
$err_header = HTML::h2(fmt("ERROR uploading '%s': ", $userfile_name));
- if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")\$/",
+ if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/",
$userfile_name))
{
$message->pushContent($err_header);
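Review bot: the new pattern in `preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/", $userfile_name)` is still case-sensitive (no `i` modifier), so a name such as `deface.PHP.3` or `deface.PhP` passes this check even though Apache's mod_mime compares extensions case-insensitively; add the `/i` modifier, e.g. `")(\.|\$)/i"`. Separately, the denylist this pattern is built from (the list printed in the error message above: `php` but no `phtml`, `php3` or similar) only works if it mirrors every extension the web server's AddType/AddHandler configuration maps to an interpreter, which the plugin cannot know; documenting that assumption in the plugin, or switching to an allowlist of known-safe extensions, would make the check robust against the next multi-extension variant.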
@@ -239,6 +239,10 @@
}
// $Log: UpLoad.php,v $
+// Revision 1.23 2007/04/08 12:43:45 rurban
+// Important security fix!
+// Disallow files like "deface.php.3" also. Those are actually in the wild!
+//
// Revision 1.22 2007/02/17 14:16:56 rurban
// allow spaces in filenames
//
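As an added illustration (not PhpWiki's own code, and not part of the original mail), the following PHP script runs the 1.22 check, the 1.23 check from the patch, and a case-insensitive variant against a few constructed filenames. The `$disallowed` list is copied from the error message quoted above; the function names `blocked_r122`, `blocked_r123` and `blocked_hardened` and the sample names are assumptions made for this example. It shows the `deface.php.3` bypass of 1.22, and that 1.23 still accepts an upper-case variant such as `deface.PHP.3`, which matters because Apache's mod_mime compares extensions case-insensitively.

```php
<?php
// Added example, not PhpWiki's own code. Reproduces the UpLoad extension check
// from revision 1.22 and 1.23 and a case-insensitive variant, against
// constructed filenames. Function and variable names are assumptions.

// Copied from the error message in the mail (entries are regex fragments).
$disallowed = array('ad[ep]', 'asd', 'ba[st]', 'chm', 'cmd', 'com', 'cgi', 'cpl',
    'crt', 'dll', 'eml', 'exe', 'hlp', 'hta', 'in[fs]', 'isp', 'jse?', 'lnk',
    'md[betw]', 'ms[cipt]', 'nws', 'ocx', 'ops', 'pcd', 'p[ir]f', 'php', 'pl',
    'py', 'reg', 'sc[frt]', 'sh[bsm]?', 'swf', 'url', 'vb[esx]?', 'vxd', 'ws[cfh]');

// Revision 1.22: rejects a disallowed extension only at the very end of the name.
function blocked_r122($name, $disallowed) {
    return (bool) preg_match("/(\." . join("|\.", $disallowed) . ")\$/", $name);
}

// Revision 1.23 (the patch): also rejects it when another dot follows, which is
// the "deface.php.3" case that Apache's multiple-extension handling runs as PHP.
function blocked_r123($name, $disallowed) {
    return (bool) preg_match("/(\." . join("|\.", $disallowed) . ")(\.|\$)/", $name);
}

// Hardened variant (assumption, not in the patch): same pattern with the /i
// modifier, because mod_mime matches extensions case-insensitively.
function blocked_hardened($name, $disallowed) {
    return (bool) preg_match("/(\." . join("|\.", $disallowed) . ")(\.|\$)/i", $name);
}

// Constructed sample filenames.
$samples = array(
    'notes.txt',       // benign: allowed by every version
    'deface.php',      // blocked by every version
    'deface.php.3',    // the in-the-wild bypass: allowed by 1.22, blocked by 1.23
    'deface.PHP.3',    // case variant: allowed by 1.22 and 1.23, blocked with /i
    'backup.pl.txt',   // multi-extension name: blocked by 1.23 and the variant
);

printf("%-16s %-6s %-6s %-9s\n", 'filename', 'r1.22', 'r1.23', 'hardened');
foreach ($samples as $name) {
    printf("%-16s %-6s %-6s %-9s\n",
        $name,
        blocked_r122($name, $disallowed) ? 'block' : 'ALLOW',
        blocked_r123($name, $disallowed) ? 'block' : 'ALLOW',
        blocked_hardened($name, $disallowed) ? 'block' : 'ALLOW');
}
```

Run it with `php upload_check.php` (any filename will do). The table makes the two gaps visible side by side: the patch closes the `deface.php.3` hole, and the `/i` modifier closes the case-variant one; both remain a denylist, so any extension the web server maps to an interpreter but the list omits is still accepted.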
Phpwiki-talk mailing list
Phpwiki-talk@...
https://lists.sourceforge.net/lists/listinfo/phpwiki-talk