ADZ Security Team
===================
Info

Program: DokuWiki
Version: 2005-02-18
Module: media.php
Bug type: File Upload bug
Vendor site: http://wiki.splitbrain.org/
Vendor Informed: Yes
===================
Bug Info

A remote user with file-upload privileges can upload any file with any extension or content, for example a PHP script containing <?php system($_GET['cmd']); ?>.
If the uploaded file's name contains an allowed extension, as in cmd.gif.php, the system allows the upload.
I tested it on php-4.3.7.
===================
Contact

ADZ Security Team
URL: http://adz.void.ru/
IRC: #adz @ QuakeNet
MAIL: kre0n@xxxxxxx, adz.kreon@xxxxxxxxx (for non-russian users)
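
The check described under Bug Info, beside a stricter one, as an added example that is not DokuWiki's code or the advisory authors' code. The function names, the allowlist and the sample file names are assumptions made for illustration; the weak function models a "name contains an allowed extension" test as the advisory words it.

```php
<?php
// Added example, not DokuWiki code. Names and the allowlist are hypothetical.
const ALLOWED_EXT = ['gif', 'jpg', 'png'];

// Weak: passes if an allowed extension appears anywhere in the name.
function weak_is_allowed(string $name): bool
{
    foreach (ALLOWED_EXT as $ext) {
        if (stripos($name, '.' . $ext) !== false) {
            return true;
        }
    }
    return false;
}

// Strict: one stem, one dot, one extension; the extension must be on the
// allowlist. Extra dots, path separators and NUL bytes fail the pattern.
function strict_is_allowed(string $name): bool
{
    if (!preg_match('/\A[a-z0-9_-]+\.([a-z0-9]+)\z/i', $name, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWED_EXT, true);
}

// Store under a server-chosen name so the client never controls the path.
function storage_name(string $name): ?string
{
    if (!strict_is_allowed($name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
foreach (['photo.GIF', 'cmd.gif.php', 'cmd.php', '../x.png', 'a.png'] as $n) {
    printf("%-12s weak=%-5s strict=%-5s stored=%s\n", $n,
        var_export(weak_is_allowed($n), true),
        var_export(strict_is_allowed($n), true),
        storage_name($n) ?? '(rejected)');
}
```

A name check says nothing about the file's content, so the upload directory should also be configured so the web server never executes scripts from it.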