some vulnerabilities #34

Closed
phantom0301 opened this issue Jan 14, 2017 · 5 comments
Comments

@phantom0301

Hi,
I found some vulnerabilities in b2evolution CMS’s upload policy.
First, uploaded filenames are not modified. This means an attacker can guess where the uploaded file is.
Second, comments and avatars allow uploading swf files, and the swf file will be executed by flowplayer_plugin. We know we can insert script code in a Flash swf, which means we can execute code through the swf file.

@fplanque
Contributor

fplanque commented Jan 15, 2017

Thank you for reporting.

I sent you an email, did you get it?

@fplanque
Contributor

  1. we will change the swf file type to be uploadable only by admins.

  2. why is it bad that attackers can "guess" where the file is uploaded? The files will be displayed immediately after upload, so what's the point of hiding them?

@phantom0301
Author

phantom0301 commented Jan 15, 2017 via email

@fplanque
Contributor

fplanque commented Jan 15, 2017

Here's a fix that will be included in the next release (probably tomorrow): 261dbd5

@fplanque
Contributor

Fix released: http://b2evolution.net/downloads/6-8-4
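
One way to enforce the policy change described in this thread (swf uploadable only by admins), as an added example that is not b2evolution's code and not the referenced fix. The function and constant names are hypothetical, and the content-signature check is an assumption that goes beyond what the thread states.

```php
<?php
// Added illustration; not b2evolution code. All names are hypothetical.

// Extensions treated as active content: only admins may upload them.
const ADMIN_ONLY_EXTENSIONS = ['swf'];

// SWF files start with one of these 3-byte signatures
// (uncompressed, zlib-compressed, LZMA-compressed).
const SWF_SIGNATURES = ['FWS', 'CWS', 'ZWS'];

/**
 * Decide whether an upload is acceptable for the given uploader.
 * $head holds the first bytes of the uploaded file's content.
 * Returns [bool $allowed, string $reason].
 */
function check_upload(string $filename, string $head, bool $isAdmin): array
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $looksLikeSwf = in_array(substr($head, 0, 3), SWF_SIGNATURES, true);

    // Content check first: a SWF renamed to .jpg is still a SWF.
    if ($looksLikeSwf && !$isAdmin) {
        return [false, 'SWF content from non-admin uploader'];
    }
    // Extension check: applies even if the content does not look like SWF.
    if (in_array($ext, ADMIN_ONLY_EXTENSIONS, true) && !$isAdmin) {
        return [false, "extension .$ext is admin-only"];
    }
    return [true, 'ok'];
}

// Constructed sample inputs: [filename, first bytes, uploader is admin].
$samples = [
    ['avatar.swf', "CWS\x0a....", false],
    ['avatar.jpg', "FWS\x09....", false],       // SWF disguised by extension
    ['avatar.jpg', "\xFF\xD8\xFF\xE0", false],  // JPEG header
    ['player.swf', "FWS\x09....", true],
];
foreach ($samples as [$name, $head, $isAdmin]) {
    [$ok, $why] = check_upload($name, $head, $isAdmin);
    printf("%-11s admin=%d -> %s (%s)\n", $name, $isAdmin, $ok ? 'allow' : 'deny', $why);
}
```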
