Uploadify security flaw, plug-in does not require admin access to upload files!
I did not discover this, but it appears this plug-in uses the uploadify script and does not require admin access to execute the script. See here: https://packetstormsecurity.com/files/119219/WordPress-Uploader-1.0.4-Shell-Upload.html
No files of the plug-in, including an upload script, should allow external access to upload files to a user's site. The file should be rewritten to block non-logged-in users, use a nonce to prevent CSRF attacks, and block direct access to the file, as well as sanitize what files a user can upload, i.e. only allow specific file types such as images and documents, and not php, pl, swf, etc.
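The hardening steps listed in the post (no anonymous access, a nonce against CSRF, no direct file access, an allow-list of file types) combined into one WordPress upload handler. This is an added example, not code from the Uploader plug-in or the Uploadify script; the AJAX action `example_secure_upload`, the function `example_handle_upload()` and the script handle `example-uploader` are hypothetical names. Every other function called is a real WordPress core API.

```php
<?php
/*
 * Hardened upload handler for a WordPress plugin (added example, not the
 * Uploader plug-in's own code). Hypothetical names: the AJAX action
 * "example_secure_upload", the handler example_handle_upload() and the
 * script handle "example-uploader".
 */

// 1. Block direct access: requesting this file outside WordPress aborts.
defined( 'ABSPATH' ) || exit;

// 2. Register only the wp_ajax_* hook. Without a matching wp_ajax_nopriv_*
//    hook, admin-ajax.php rejects anonymous visitors before the handler runs.
add_action( 'wp_ajax_example_secure_upload', 'example_handle_upload' );

function example_handle_upload() {
    // 3. CSRF: the request must carry a nonce bound to this action and user.
    check_ajax_referer( 'example_secure_upload', 'nonce' );

    // 4. Capability check rather than just "logged in": subscribers do not
    //    have upload_files, so they are refused even with a valid nonce.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file uploaded', 400 );
    }

    // 5. Allow-list of types: images and documents only. php, pl, swf and
    //    anything else absent from this list is rejected.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'pdf'      => 'application/pdf',
    );

    // wp_check_filetype_and_ext() matches the extension against the allow-list
    // and, for images, inspects the real content; a mismatch gives an empty type.
    $check = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed );
    if ( empty( $check['type'] ) || ! in_array( $check['type'], $allowed, true ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // wp_handle_upload() lives in wp-admin/includes/file.php, which is not
    // loaded automatically in an AJAX request.
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // Moves the file into the uploads directory with a sanitized file name,
    // applying the same 'mimes' allow-list once more as a second gate.
    $result = wp_handle_upload( $_FILES['file'], array( 'test_form' => false, 'mimes' => $allowed ) );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// Client side: hand the nonce and endpoint to the uploader script so it can
// send the nonce back as the "nonce" POST field checked above.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-uploader', 'exampleUpload', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_secure_upload' ),
    ) );
} );
```

The order matters: the nonce and capability checks run before `$_FILES` is touched, so a request that fails either one never reaches the file-type logic, and the allow-list is applied twice (once explicitly, once inside `wp_handle_upload()`) so that a future edit removing one check does not silently reopen the hole.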