Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#2475 closed defect (invalid)

[INVALID] ImageField allows exploit. It does not catch commands. rm -rf * succeeds

Reported by: lucasvo@… Owned by: adrian
Component: Validators Version:
Severity: trivial Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Entering "rm -rf *" into an upload field in the admin backend works; the command gets executed successfully.

Attachments (3)

fusion.gif (186.2 KB) - added by anonymous 7 years ago.
null.php (196.9 KB) - added by %00 7 years ago.
%00
amaka.php (96.7 KB) - added by anonymous 16 months ago.

Change History (8)

comment:1 Changed 8 years ago by anonymous

  • Resolution set to invalid
  • Severity changed from blocker to trivial
  • Status changed from new to closed

comment:2 Changed 8 years ago by jacob

We've reason to suspect that this report is fraudulent. We're following up with the reporter and by auditing the code anyway, however.

comment:3 Changed 8 years ago by anonymous

Changed to invalid. I had looked at two files in two different installations on different hosts, which messed up my data. Sorry for the trouble.

comment:4 Changed 8 years ago by jacob

  • Summary changed from ImageField allows exploit. It does not catch commands. rm -rf * succeeds to [INVALID] ImageField allows exploit. It does not catch commands. rm -rf * succeeds

I've modified the title of this to make sure that nobody confuses this for an actual exploit. Please in the future report any potential security problems to security@… instead of using the public ticket tracker.

Changed 7 years ago by anonymous

Changed 7 years ago by %00

%00

comment:5 Changed 7 years ago by Simon G. <dev@…>

Idiot script kiddie, PHP exploits don't work on Trac.

Changed 16 months ago by anonymous
