——-Summary——
Software: Olate Download
Software's Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Not Available
Discovered by: imei Addmimistrator
Risk Level: High
——Description—–
Olate Download is prone to an arbitrary file upload vulnerability: if the administrator allows users to upload files, executable files can be placed in the uploads folder.
Olate does not check the extension of an uploaded file and stores it under its original extension, so uploading .php, .cgi and similar files is possible. A user can upload a shell script file and simply run it.
——-Exploit——–
Upload a shell through the userupload.php page.
——Conditions——-
Admin must grant upload permission to users.
——-Solution——-
Place an empty file named index.htm in the mentioned folder, or update to 3.4.3.
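The description above comes down to two defects in the upload handler: the client-supplied extension is never checked against an allowlist, and the file is stored under its original name inside a web-served folder. The following is an added example of a hardened PHP upload handler, written for this advisory; it is not Olate's code. It assumes a hypothetical function name storeUserUpload, an upload directory that the web server serves as static content only, and an allowlist of extensions the site actually wants to accept (also an assumption).

```php
<?php
// Added example, not Olate Download's own code.
// Assumptions: $uploadDir is served as static files only (PHP execution
// disabled there, e.g. "php_admin_flag engine off" in the Apache vhost or
// a <FilesMatch> that removes the PHP handler), and the allowlist below is
// the set of extensions the site wants to accept.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip'];
const ALLOWED_MIME = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
];
const MAX_BYTES = 10 * 1024 * 1024;

/**
 * Validate one $_FILES entry and move it into $uploadDir under a random name.
 * Returns the stored file name, or throws RuntimeException on any violation.
 */
function storeUserUpload(array $file, string $uploadDir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Judge by the LAST extension, lower-cased, so "shell.php", "shell.PhP"
    // and "shell.jpg.php" are all evaluated as "php" and rejected.
    $clientName = basename((string) $file['name']);
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }

    // Apache mod_mime may honour every dotted segment ("x.php.jpg" can still
    // reach the PHP handler there), so refuse script-like inner segments too.
    $segments = explode('.', strtolower($clientName));
    array_shift($segments); // drop the base name, keep only extensions
    foreach ($segments as $seg) {
        if (preg_match('/^(php\d*|phtml|phar|cgi|pl|py|sh|asp|aspx|jsp)$/', $seg)) {
            throw new RuntimeException('script-like extension inside file name');
        }
    }

    // Check the real content type; $file['type'] is client-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_MIME[$ext]) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }

    // Never reuse the client's name: random base name, extension we chose.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    chmod($dest, 0644); // readable by the server, never executable
    return $stored;
}

// Usage from a request handler (form field name "userfile" is assumed):
// try {
//     $name = storeUserUpload($_FILES['userfile'], __DIR__ . '/uploads');
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     echo 'Upload rejected';
// }
```

Two points worth noting for anyone applying the advisory's workaround: an index.htm in the uploads folder only suppresses directory listing, it does not stop a .php file in that folder from being executed when requested by name, so the extension allowlist and the server-side "no script execution in uploads" setting are the controls that actually close the issue. Renaming to a random name also removes the attacker's knowledge of the stored path, which the original handler leaks by keeping the client's file name.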
——–Credit——–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
2 Responses to “Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files”
http://www.securityfocus.com/bid/25509
Left by imei on September 3rd, 2007
This only works if you specify those extensions in the Administration Center. Nevertheless, this issue along with a whole bunch of other ones is addressed in 3.4.3 that will be released tomorrow.
Left by gburnes on October 8th, 2007