82Flex / WEIPDCRM

Wonderful Cydia Repo (APT) Builder & Manager.

Arbitrary file upload vulnerability #49

Closed lemon4ex closed 8 years ago

lemon4ex commented 8 years ago

/main/manage/plugins/uploadify/uploadify.php

This file has far too many holes:
1. It does not restrict which users may access it.
2. It does not check the type of the uploaded file, so arbitrary files can be uploaded into the upload folder.

apt.82flex.com seems to have been hacked through exactly this. This uploadify.php plugin is riddled with holes, and plenty of people have pointed that out online.

Fix:
1. Follow http://www.uploadify.com/documentation/uploadify/making-uploadify-secure/
2. Or simply stop using this plugin.
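For reference, here is what a hardened replacement for the handler described above looks like. This is an added example, not code from WEIPDCRM or from the Uploadify project: it closes the two reported gaps (an access check on the handler, and a server-side whitelist that checks the file's leading bytes, not just the client-supplied name) and stores every file under a server-chosen random name. Assumed, not stated in the issue: an admin session sets `$_SESSION['admin']`, the uploader posts a `token` field matching `$_SESSION['upload_token']`, and the `upload` directory is served with script execution disabled. `Filedata` is Uploadify's default file field name.

```php
<?php
// Added example, not WEIPDCRM's code: hardened drop-in for an Uploadify-style
// uploadify.php. Assumptions (not from the issue): a logged-in admin has
// $_SESSION['admin'] === true, the form carries a 'token' matching
// $_SESSION['upload_token'], and UPLOAD_DIR is served with PHP execution off.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/upload';
const MAX_BYTES  = 50 * 1024 * 1024;
// Server-side whitelist: extension => leading magic bytes the file must carry.
const ALLOWED = [
    'deb'  => "!<arch>\n",          // ar archive, the container of every .deb
    'png'  => "\x89PNG\r\n\x1a\n",
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
    'gif'  => "GIF8",
];

// Validate one $_FILES entry. Returns null if acceptable, otherwise a reason.
function validate_upload(array $f, array $allowed = ALLOWED, int $maxBytes = MAX_BYTES): ?string
{
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'upload error';
    }
    $size = (int)($f['size'] ?? 0);
    if ($size <= 0 || $size > $maxBytes) {
        return 'bad size';
    }
    // The client controls 'name' and 'type'; 'name' is used only to pick the extension.
    $ext = strtolower(pathinfo(basename((string)($f['name'] ?? '')), PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return 'extension not allowed';
    }
    // Content check: the first bytes must match the magic for that extension,
    // so a PHP shell renamed to shell.png is rejected.
    $magic = $allowed[$ext];
    $head  = @file_get_contents((string)($f['tmp_name'] ?? ''), false, null, 0, strlen($magic));
    if ($head !== $magic) {
        return 'content does not match extension';
    }
    return null;
}

// Destination name chosen by the server: random, one extension, no path parts.
function storage_name(string $clientName): string
{
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

function handle_request(): void
{
    session_start();
    // 1. Access control: the stock uploadify.php has none.
    if (empty($_SESSION['admin'])) {
        http_response_code(403);
        exit('forbidden');
    }
    // 2. Anti-CSRF token posted alongside the file.
    $token = (string)($_POST['token'] ?? '');
    if ($token === '' || !hash_equals((string)($_SESSION['upload_token'] ?? ''), $token)) {
        http_response_code(403);
        exit('bad token');
    }
    $file = $_FILES['Filedata'] ?? [];    // Uploadify's default field name
    if (!isset($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        http_response_code(400);
        exit('no file');
    }
    if (($why = validate_upload($file)) !== null) {
        http_response_code(400);
        exit($why);
    }
    $dest = UPLOAD_DIR . '/' . storage_name((string)$file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        http_response_code(500);
        exit('store failed');
    }
    chmod($dest, 0644);
    header('Content-Type: application/json');
    echo json_encode(['stored' => basename($dest)]);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for a local run: a file with a genuine PNG header, and a
    // PHP web shell, once under its real name and once merely renamed to .png.
    $png = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($png, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 32));
    $shell = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($shell, "<?php system(\$_GET['c']);");
    $cases = [
        ['name' => 'icon.png',  'tmp_name' => $png,   'size' => 40, 'error' => UPLOAD_ERR_OK],
        ['name' => 'shell.php', 'tmp_name' => $shell, 'size' => 25, 'error' => UPLOAD_ERR_OK],
        ['name' => 'shell.png', 'tmp_name' => $shell, 'size' => 25, 'error' => UPLOAD_ERR_OK],
    ];
    foreach ($cases as $c) {
        printf("%-10s -> %s\n", $c['name'], validate_upload($c) ?? 'accepted');
    }
    unlink($png);
    unlink($shell);
} else {
    handle_request();
}
```

Running it with `php uploadify.php` from a shell exercises only `validate_upload`: the PNG is accepted, `shell.php` fails the extension whitelist, and `shell.png` fails the magic-byte check. Under a web server the same file runs `handle_request`, which is where the session and token checks the issue asks for live. The random storage name is what makes the "double extension" trick irrelevant: nothing the client sent ever becomes part of the path on disk.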

Hintay commented 8 years ago

Fixed. Please contact us directly via email if you find security bugs. Public details are not appropriate before a fix is out.

Showian commented 8 years ago

Fixed?!! Heh, that's not possible. Hintay, as you know, open source software is always hackable and always has security bugs. As the hacker on 82_flex says, there are other holes (bugs).

Hintay commented 8 years ago

THIS BUG IS FIXED. If you have found other security bugs, please open a new issue or pull request to help us, rather than being sarcastic.