Recent Topics
  1. b2evolution CMS Support Forums
  2. Archives
  3. Older bugs
  4. Bugs in versions 0.x
  5. Image upload, XSS bug?

Image upload, XSS bug?

1 Aug 26, 2005 11:36    

Hello,

Consider multiuser environment on b2evo.

1. Register and get permission to create blog and start new post.
2. Create text file with any html code you would like to run on server, rename extension to .jpg, f.e., and upload.
3. Get the full URL to uploaded file and run it in IE.

IE will render html code and will not consider the file extension.

Check for file extension in b2upload.php is not enough, you need to check mime type of image using getimagesize also.

Will someone post a fix or I can do that?

Back to top

2 Aug 26, 2005 17:33

If you can make the hack please do so, and post it in the plugins and hacks forums.

Back to top

3 Aug 26, 2005 17:43

I tried uploading a text file with jpg as the extension. When I tried to view it, it just said "The image “http://www.brendoman.com/test.jpg” cannot be displayed, because it contains errors."

Back to top

4 Aug 26, 2005 20:36

EdB,

ok, I will manage with it today.

personman,

try to open the file with IE, maybe you are using another browser.

Back to top

5 Aug 26, 2005 20:38

Good old IE! You're right. I can see the code in IE.

Back to top


Form is loading...