<<< Date Index >>>     <<< Thread Index >>>

Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability



UU already provides a mechanism to detect file extensions client and server 
side. It is "YOUR" responsibility when you install this script to add file 
extensions that you may or may not want uploaded. Jeesh! 

$disallow_extensions = 
'/(sh|php|php3|php4|php5|py|shtml|phtml|cgi|pl|plx|htaccess|htpasswd)$/i';
$allow_extensions = '/(jpg|jpeg|gif|bmp)$/i';