[geeklog-announce] Unsolicited file uploads through FCKeditor
Dirk Haun
dirk at haun-online.de
Tue Sep 2 15:09:21 EDT 2008
A user by the name of t0pP8uZz has demonstrated that FCKeditor's file
upload can also be used to upload files directly, bypassing Geeklog's
restrictions.

Fortunately, these uploads are still restricted by FCKeditor's
whitelist, so you cannot upload scripts. This issue still has the
potential for malicious use, though.

For details and fixes, please see
http://www.geeklog.net/article.php/file-uploads
--
http://www.geeklog.net/
http://geeklog.info/