Improper handling of a user-supplied path lets any registered user delete any picture on the site
Register a user, log in and click "upload avatar". For example, the address is:
http://www.badguest.cn/jishigou30s/index.php?mod=settings&code=face
Append &temp_face=././images/noavatar.gif to the end of the URL and open it. "My avatar" then loads this image. Click the "Confirm" button below it: the avatar is not changed, but the file noavatar.gif is deleted. The value of temp_face is used as the path of the temporary upload file that gets removed after the avatar step, and it is taken from the request without being checked.
Proof of vulnerability:
Any Jishigou site will do to demonstrate it. The target image must be deletable by the web-server process (for unlink this means the directory holding the image is writable).
Suggested fix: strictly validate and filter the path received from front-end input; a client-supplied value should never be used as a file path for deletion.
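As an added illustration (this is not Jishigou's code and not from the report), the temp-file cleanup with the weak check the report describes beside a hardened version. The directory layout, the function names and the way the temp_face value reaches the cleanup are assumptions for this demo; the payload is the one from the report.

```php
<?php
// Added illustration of the defect class described above, not Jishigou's own
// code. The directory layout, the function names and the handling of the
// temp_face parameter are assumptions for this demo.

$root = sys_get_temp_dir() . '/jsg_face_demo';          // constructed sandbox
@mkdir("$root/images", 0700, true);                     // site image directory
@mkdir("$root/data/avatar_tmp", 0700, true);            // where uploads are staged
define('AVATAR_TMP_DIR', "$root/data/avatar_tmp");
chdir($root);                                           // relative paths resolve as in index.php

// Weak cleanup of the kind the report describes: whatever the client put in
// temp_face is deleted once the avatar step finishes, so a relative path
// such as ././images/noavatar.gif removes an unrelated site image.
function cleanup_temp_face_weak(string $temp_face): bool
{
    if ($temp_face !== '' && is_file($temp_face)) {
        return @unlink($temp_face);
    }
    return false;
}

// Hardened cleanup: the client value is never used as a path. It is reduced
// to a bare file name, restricted to an image extension, joined to the
// server-side temp directory, and the resolved path is checked to lie inside
// that directory before unlink() runs.
function cleanup_temp_face_safe(string $temp_face): bool
{
    $name = basename($temp_face);
    if ($name === '' || $name !== $temp_face) {
        return false;                       // any directory component is rejected
    }
    if (!preg_match('/^[A-Za-z0-9_\-]+\.(gif|jpe?g|png)$/', $name)) {
        return false;                       // only plain image file names
    }
    $base = realpath(AVATAR_TMP_DIR);
    $path = realpath(AVATAR_TMP_DIR . '/' . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;                       // resolved outside the temp directory
    }
    return unlink($path);
}

// Constructed files standing in for noavatar.gif and a genuine staged upload.
file_put_contents("$root/images/noavatar.gif", 'GIF89a');
file_put_contents(AVATAR_TMP_DIR . '/tmp123.gif', 'GIF89a');

$payload = '././images/noavatar.gif';       // the value from the report

cleanup_temp_face_weak($payload);           // deletes the site image
printf("weak: noavatar.gif %s\n", file_exists("$root/images/noavatar.gif") ? 'survives' : 'deleted');

file_put_contents("$root/images/noavatar.gif", 'GIF89a');
cleanup_temp_face_safe($payload);           // refused, directory part present
printf("safe: noavatar.gif %s\n", file_exists("$root/images/noavatar.gif") ? 'survives' : 'deleted');

cleanup_temp_face_safe('tmp123.gif');       // a real staged file is removed
printf("safe: tmp123.gif %s\n", file_exists(AVATAR_TMP_DIR . '/tmp123.gif') ? 'survives' : 'deleted');
```

The important design point is that the hardened version rebuilds the path on the server side from a file name it controls the shape of, rather than trying to filter "../" or "./" out of whatever the client sent; the realpath comparison is a second line of defence in case the directory itself contains a symlink.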
Because the check performed when deleting the temporary file after the avatar upload completes was not strict, this vulnerability resulted. Thanks for the feedback; the corresponding fix has been provided and the related download updated.
See: http://cenwor.com/thread-12847-1-1.html