logo
DATABASE RESOURCES PRICING ABOUT US

JE Messenger 1.0 Arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

Description

Publishing author: Salvatore Fresta aka Drosophila Official website: joomlaextensions. co. in Vulnerability type: file upload Vulnerability Description: The program save the function in an error, the compose.php allows to registered users to upload with any file extension. For a valid file extension after making the check upload and in case of failure, the file is not deleted from the server. This can be utilized to perform the upload of arbitrary PHP code in the PHP file. The name of the file is different after upload: $File['name'] =time()'in'$file['name'] on..; For example: Original file name: shell.php Upload File name: 1291907399inshell.php The file will be uploaded to the following directory: $dest = JPATH_ROOT. DS.'components/'.$ option.'/ assets/images/'.$ file['name']; The default target is: http://www.XXX.com/path/components/com_jemessenger/assets/images/