Closed Eric-11 closed 9 years ago
Thanks for bringing this up. I think this could be three separate issues, but let me address them.
The PHP upload issue should be taken care of, due to a friend's commit - PHP files can no longer be uploaded for security reasons.
As for uploads being in webroot and file renaming - agreed these are publicly accessible if someone knows the full path to the file. In order to fix this, we would need to upload to somewhere non-public, and then write a PHP script to load the file and return it.
It seems this plugin violates two basic rules:
This allows someone to upload a pwn.php file then run it via /files/pwn.php
While I haven't checked further there could be other issues based on comments I've seen: