You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The second bug is if the userimages directory has been created. This isn't done by default, but if it is, the upload.php allows the uploading of any file, including a PHP script:
The second bug is if the userimages directory has been created. This isn't done by default, but if it is, the upload.php allows the uploading of any file, including a PHP script:
curl -F "[email protected];filename=blah.php" http://example.com/editor/upload.php
which will return with the filename the attacker needs to call. This should be addressed before the upload of images is enabled.
The text was updated successfully, but these errors were encountered: