New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
some vulnerabilities #34
Comments
|
Thank you for reporting. I sent you an email, did you get it? |
|
|
Hi
I am sorry for posting them on security sites, github. It's my mistake.
If a user upload his file on the site. Usually, we will random the filename and make the user not know the random filename. It means you can upload file and the program can use your file but you don't konw where it in.
Maybe our program filter the dangerous file type.But if attacker bypass the filter function and they know the file path, he can get shell successfully.
So we random the filename to make attacker can't get the file path.
|
|
Here's a fix that will be included in the next release (probably tomorrow): 261dbd5 |
|
Fix released: http://b2evolution.net/downloads/6-8-4 |
Hi
I find some Vulnerabilities in b2evolution CMS’s upload policy.
First, all upload filename will not be modifed. It means attacker can guess where the upload file in.
Second, comment and avadar allow upload swf file and the swf file will execute by flowplayer_plugin. We know, we can insert script code in flash swf, it means we can code execute through swf file.
The text was updated successfully, but these errors were encountered: