TITLE: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload PRODUCT: jQuery Lightweight Rich Text Editor (lwrte) Plugin PRODUCT URL 1: http://code.google.com/p/lwrte/ PRODUCT URL 2: http://plugins.jquery.com/project/lwRTE CHECKED VERSIONS: 1.2 RESEARCHERS: underground-stockholm.com RESEARCHERS URL: http://underground-stockholm.com/ BUG: Input passed as file uploads to the uploader.php script is not verified before being used to store files in the "uploads" directory. This can be exploited to execute arbitrary PHP code by uploading PHP files. -- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 9 at http://www.opera.com
