So an administrator that already has access to create HTML content in com_content, among other places, has access to upload HTML files named as image files?
I would hardly call that a serious issue.

On 19 Sep 2007 10:10:34 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Overview:
> There is a programming flaw in the com_media component of the Joomla content
> management system. The com_media component allows only image (.png, .jpeg, .gif)
> files to be uploaded to the server, but the flaw is that we can upload any HTML
> file by changing its name to something like example.html.png
>
> Affected Product: Joomla 1.0.13
>
> Proof of Concept:
>
> Below are the steps for the POC:
>
> STEP1: First create an HTML file with any script
>        code.
> STEP2: Log in to Joomla with administrator
>        credentials and click on the media manager
>        component.
> STEP3: Use the image upload utility to upload the
>        crafted png file with the name index.html.png
> STEP4: Joomla will not show any error and the file is
>        uploaded.
> STEP5: Then just click on that file and the script
>        code written in that file gets executed by
>        the user's browser.
>
> If we change the filename in step2 to example.html and then try to upload,
> Joomla will show an error that the file type is not supported.
>
> According to me it's a serious issue in the Joomla image upload algorithm
> that doesn't properly validate the format of the uploaded file.
>
> If the com_media component is accessible to any other user, then the above issue can
> be used to upload any HTML file remotely. I am not able to access the com_media component
> without administrator credentials.
>
>
>

--
In God we trust, Everyone else must have an x.509 certificate.
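
The validation the advisory says is missing, as an added example (not Joomla's code and not written by either poster; a Python sketch whose function names and sample bytes are made up here): an upload is accepted only when its leading bytes match the image type its final extension claims, and it is stored under a server-generated name so an inner ".html" never reaches disk.

```python
import os
import secrets

# Leading magic bytes for the three types the advisory says com_media allows.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_TO_TYPE = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}


def sniff_image_type(data: bytes):
    """Return 'png', 'jpeg' or 'gif' based on the leading bytes, else None."""
    for kind, magics in SIGNATURES.items():
        if data.startswith(magics):
            return kind
    return None


def validate_upload(filename: str, data: bytes):
    """Return (ok, reason, stored_name) for one uploaded file."""
    base = os.path.basename(filename.replace("\\", "/"))
    _, ext = os.path.splitext(base.lower())
    claimed = EXT_TO_TYPE.get(ext)
    if claimed is None:
        return (False, "extension not allowed", None)
    actual = sniff_image_type(data)
    if actual is None:
        return (False, "content is not a PNG, JPEG or GIF", None)
    if actual != claimed:
        return (False, "content does not match extension", None)
    # Discard the client-supplied name; keep only the validated extension.
    return (True, "ok", secrets.token_hex(8) + ext)


if __name__ == "__main__":
    # Constructed sample inputs: an HTML body and a minimal PNG header.
    html = b"<html><script>/* any script */</script></html>"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, body in [("index.html.png", html), ("example.html", html),
                       ("index.html.png", png), ("photo.gif", png)]:
        print(name, validate_upload(name, body))
```

A signature check only proves how the file starts, so it belongs alongside serving uploads with the matching image Content-Type and `X-Content-Type-Options: nosniff`.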