Opened 18 years ago

Closed 18 years ago

Last modified 17 years ago

#2475 closed defect (invalid)

[INVALID] ImageField allows exploit. It does not catch commands. rm -rf * succeeds

Reported by: lucasvo@…
Owned by: Adrian Holovaty
Component: Validators
Version:
Severity: trivial
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Entering "rm -rf *" into an upload field in the admin backend works, the command gets executed successfully.

Attachments (3)

fusion.gif (186.2 KB ) - added by anonymous 17 years ago.
null.php (196.9 KB ) - added by %00 17 years ago.
%00
amaka.php (96.7 KB ) - added by anonymous 12 years ago.


Change History (8)

comment:1 by anonymous, 18 years ago

Resolution: invalid
Severity: blocker → trivial
Status: new → closed

comment:2 by Jacob, 18 years ago

We've reason to suspect that this report is fraudulent. We're following up with the reporting and by auditing the code anyway, however.

comment:3 by anonymous, 18 years ago

changed to invalid. I had looked at two files in two different installations and different hosts, which messed up my data. sry for the trouble

comment:4 by Jacob, 18 years ago

Summary: ImageField allows exploit. It does not catch commands. rm -rf * succeeds → [INVALID] ImageField allows exploit. It does not catch commands. rm -rf * succeeds

I've modified the title of this to make sure that nobody confuses this for an actual exploit. Please in the future report any potential security problems to security@… instead of using the public ticket tracker.

by anonymous, 17 years ago

Attachment: fusion.gif added

by %00, 17 years ago

Attachment: null.php added

%00

comment:5 by Simon G. <dev@…>, 17 years ago

idiot script kiddie, php exploits don't work on trac.

by anonymous, 12 years ago

Attachment: amaka.php added