BigDump v0.35b vulnerability [closed]

-1

I don't understand what the problem is with BigDump v0.35b. This site says it has a problem. But I don't understand it.

Problem here?

if (!$error && isset($_REQUEST["uploadbutton"]))
{ if (is_uploaded_file($_FILES["dumpfile"]["tmp_name"]) && ($_FILES["dumpfile"]["error"])==0)
  { 
    $uploaded_filename=str_replace(" ","_",$_FILES["dumpfile"]["name"]);
    $uploaded_filename=preg_replace("/[^_A-Za-z0-9-\.]/i",'',$uploaded_filename);
    $uploaded_filepath=str_replace("\\","/",$upload_dir."/".$uploaded_filename);

    do_action('file_uploaded');

    if (file_exists($uploaded_filename))
    { echo ("<p class=\"error\">File $uploaded_filename already exist! Delete and upload again!</p>\n");
    }
    else if (!preg_match("/(\.(sql|gz|csv))$/i",$uploaded_filename))
    { echo ("<p class=\"error\">You may only upload .sql .gz or .csv files.</p>\n");
    }
    else if (!@move_uploaded_file($_FILES["dumpfile"]["tmp_name"],$uploaded_filepath))
    { echo ("<p class=\"error\">Error moving uploaded file ".$_FILES["dumpfile"]["tmp_name"]." to the $uploaded_filepath</p>\n");
      echo ("<p>Check the directory permissions for $upload_dir (must be 777)!</p>\n");
    }
    else
    { echo ("<p class=\"success\">Uploaded file saved as $uploaded_filename</p>\n");
    }
  }
  else
  { echo ("<p class=\"error\">Error uploading file ".$_FILES["dumpfile"]["name"]."</p>\n");
  }
}

With what?

    
asked by Fye 21.05.2014 - 22:10

1 answer

1

Read the CVE details and you can see the problem:

Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request.

I can upload cmd.php.sql, then access it as it executes a PHP shell, for example. This means I can execute as the web server user.

    
answered 21.05.2014 - 22:31
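The double-extension case from the CVE description, as an added example that is not part of the original answer or of BigDump's code: it runs the question's extension regex against constructed file names next to a stricter check. The function names `original_check`, `strict_check` and `stored_name` are hypothetical.

```php
<?php
// Added example, not BigDump's code. All function names are hypothetical.

// The extension test from the question: only the end of the name is inspected,
// so any extra extension before the final one passes unnoticed.
function original_check(string $name): bool
{
    return (bool) preg_match('/(\.(sql|gz|csv))$/i', $name);
}

// Stricter check: one safe base name, exactly one dot, one allowed extension.
// Trade-off: legitimate multi-dot names such as dump.sql.gz are rejected too.
function strict_check(string $name): bool
{
    $name = basename(str_replace('\\', '/', $name));
    return (bool) preg_match('/\A[A-Za-z0-9_-]+\.(sql|gz|csv)\z/i', $name);
}

// Store under a server-generated name so nothing chosen by the client
// (including an inner extension) ends up on disk.
function stored_name(string $name): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, not taken from the page except cmd.php.sql.
$samples = ['backup.sql', 'dump.sql.gz', 'cmd.php.sql', 'data.CSV'];

foreach ($samples as $n) {
    $orig   = original_check($n);
    $strict = strict_check($n);
    printf(
        "%-12s original=%-6s strict=%-6s stored=%s\n",
        $n,
        $orig ? 'accept' : 'reject',
        $strict ? 'accept' : 'reject',
        $strict ? stored_name($n) : '-'
    );
}
```

Name validation alone does not decide whether the web server executes a file; keeping the upload directory outside the document root, or disabling script handlers for it, covers the direct-request half of the CVE description.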