Date: Thu, 14 Jun 2007 15:35:54 +0200
From: Alla Bezroutchko <alla@...nit.be>
To: webappsec@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Paper: Secure file upload in PHP web applications

Various web applications, such as blogs, forums and photo galleries, allow
users to upload files. Providing a file upload function without opening
security holes proved to be quite a challenge in PHP web applications.
The applications we have tested suffered from a variety of security
problems, ranging from arbitrary file disclosure to remote arbitrary
code execution.

The paper describes various security holes occurring in file upload
implementations and suggests a way to implement a secure file upload.

The paper can be downloaded from
http://www.scanit.be/uploads/php-file-upload.pdf

Regards,
Alla Bezroutchko
Scanit
http://www.scanit.be/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/