Blog

Hole in AjexFileManager 1.0

One good man reported found vulnerability through which you can download any file.

namely through CKEditor - bookmark Upload, fast downloading of files without opening an additional window, somehow missed check there for downloaded files.

In general, to remedy the situation you need ajax.php file around line 260 was written if (move_uploaded_file ()) need to add test:

$fileName = getFreeFileName($_FILES['upload']['name'], $toDir);     
$ext = substr($fileName, strrpos($fileName, '.') + 1);     
$ext = strtolower($ext);     
if (!in_array($ext, $cfg['deny'][$cfg['type']]) && in_array($ext, $cfg['allow'][$cfg['type']]) && move_uploaded_file($_FILES['upload']['tmp_name'], $toDir . DIR_SEP . $fileName)) {

12, 12 17 August 2010, 00:57

12

Write comment

Name:

E-mail:

City:

Write in ICQ or E-mail
Once the On-Line will immediately answer

Welcome

My name is Alexander, on his website, I gathered a brief information about yourself as well as portfolio work done.

← Here, I publish their thoughts, ideas and implementation. In general, all the small stuff and not only. In fact, using a notebook.