Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
All times are UTC + 1 hour [ DST ]

PostPosted: 18. Oct 2011, 09:34 

Joined: 18. Oct 2011, 09:32
Posts: 1
There is no mention of a security update that fixes the remote file upload exploit in JFUploader. When will this be patched?

Details:
http://xforce.iss.net/xforce/xfdb/62897

http://www.exploit-db.com/exploits/15353/


PostPosted: 18. Oct 2011, 13:23 
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 10497
A detection for this has already been implemented for almost 10 months now!

This was part of JFU 2.12:

$remove_multiple_php_extension = true; // Some servers execute e.g. file.php.gif files which is a security issue. If you don't allow php files to upload please leave this to true because of security reasons.
$scan_images = true; // Scans images (gif,png,jpg) for php code. This is done by default when no size could be detected. By setting this to true all files are scanned because there are gif exploits around that returns valid sizes!

And this is only a problem if your server is configured to handle multiple extensions like .php.gif files as php code, which is normally not enabled by default!

But as I have written, since 2.12 this is no issue anymore...

Best, Michael


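The two defences Michael's reply names, $remove_multiple_php_extension and $scan_images, can be illustrated with a small stand-alone check. The code below is an added example written for this thread; it is not JFUploader's or TinyWebGallery's own code, and the function names, the list of executable extensions, the PHP marker strings and the constructed GIF sample are all assumptions of the example. It refuses names whose extension chain contains an executable extension (so file.php.gif is never stored), collapses any remaining dots to one extension, and scans the raw bytes for PHP open tags even when getimagesize() has reported valid dimensions, which is exactly the case the post says the size check alone cannot catch.

```php
<?php
// Added example, not JFUploader code: demonstrates the two checks described in
// the post above. Names, lists and sample data are this example's own.
declare(strict_types=1);

// Extensions a web server might hand to a PHP interpreter (assumed list; tune it
// to the handlers actually enabled on your server).
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps'];

// Image extensions the gallery is willing to store.
const ALLOWED_IMAGE_EXTENSIONS = ['gif', 'png', 'jpg', 'jpeg'];

// Byte sequences that make a file interesting to a PHP interpreter.
const PHP_MARKERS = ['<?php', '<?=', '<script language="php"', "<script language='php'"];

/**
 * Equivalent of $remove_multiple_php_extension: rejects names that carry an
 * executable extension anywhere in the chain ("shell.php.gif") and collapses the
 * rest to "basename.ext", so a mod_mime-style multi-extension handler never sees
 * a ".php" segment. Returns the cleaned name, or null to refuse the upload.
 */
function normalize_upload_name(string $name): ?string
{
    $name  = basename(str_replace('\\', '/', $name)); // drop any path component
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2) {
        return null; // no extension at all
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_IMAGE_EXTENSIONS, true)) {
        return null;
    }
    foreach ($parts as $segment) {
        if (in_array($segment, EXECUTABLE_EXTENSIONS, true)) {
            return null; // file.php.gif: refuse rather than rename
        }
    }
    // Collapse remaining dots so "a.b.gif" becomes "a_b.gif".
    $base = preg_replace('/[^a-z0-9_-]+/', '_', implode('_', $parts));
    return ($base === '' ? 'upload' : $base) . '.' . $ext;
}

/**
 * Equivalent of $scan_images = true: look for PHP open tags in the raw bytes,
 * independent of whether the image header parsed, because a crafted GIF can
 * carry a valid header and PHP in its trailing data.
 */
function contains_php_code(string $bytes): bool
{
    $haystack = strtolower($bytes);
    foreach (PHP_MARKERS as $marker) {
        if (strpos($haystack, strtolower($marker)) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Full check for one uploaded file: returns [accepted, reason, storedName].
 */
function check_image_upload(string $tmpPath, string $originalName): array
{
    $stored = normalize_upload_name($originalName);
    if ($stored === null) {
        return [false, 'extension rejected', null];
    }
    $bytes = file_get_contents($tmpPath);
    if ($bytes === false) {
        return [false, 'unreadable', null];
    }
    // A valid size is necessary but not sufficient...
    if (@getimagesize($tmpPath) === false) {
        return [false, 'not an image', null];
    }
    // ...so the bytes are always scanned as well.
    if (contains_php_code($bytes)) {
        return [false, 'php code inside image', null];
    }
    return [true, 'ok', $stored];
}

// Demo with constructed inputs: a 1x1 GIF (valid header, so getimagesize()
// reports a size) with a PHP tag appended after the image data.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$tmp = tempnam(sys_get_temp_dir(), 'twg');
file_put_contents($tmp, $gif . "<?php echo 'x'; ?>");
var_dump(check_image_upload($tmp, 'photo.gif'));
file_put_contents($tmp, $gif);
var_dump(check_image_upload($tmp, 'photo.php.gif'));
var_dump(check_image_upload($tmp, 'my.holiday.gif'));
unlink($tmp);
```

Run it with the PHP CLI; the first two calls are refused (embedded PHP, then the double extension) and the third is accepted under the collapsed name my_holiday.gif. The refusal of a double extension rather than silently renaming it is a design choice for the example: a name like photo.php.gif is a strong signal that the upload is not a photo, and logging the rejection is more useful than quietly storing a cleaned copy.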