[wp-trac] [WordPress Trac] #21981: Securing the uploads directory

WordPress Trac wp-trac at lists.automattic.com
Tue Sep 25 01:19:43 UTC 2012


#21981: Securing the uploads directory
-------------------------+----------------------
 Reporter:  japh         |       Owner:
     Type:  enhancement  |      Status:  closed
 Priority:  normal       |   Milestone:
Component:  Upload       |     Version:
 Severity:  normal       |  Resolution:  wontfix
 Keywords:               |
-------------------------+----------------------

Comment (by dd32):

 > A compromised user account can use scripts in /uploads/ to exploit the
 > installation.

 If they get access to an Administrator WordPress login, they'll have
 access to the Theme/Plugin editor on most hosts, but unless the site
 specifically has ALLOW_UNFILTERED_UPLOADS enabled (it's off by default)
 they won't be able to upload a .php file.

 That being said, since WordPress doesn't do mime checking on the uploaded
 files, it's still possible with some poorly configured CGI environments to
 upload a .gif (or similar) which contains PHP code to be executed -
 .htaccess can't help that scenario though.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21981#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
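The comment above describes two gaps that a content check (rather than an .htaccess rule) can close: the uploaded bytes are never compared against the claimed extension, and an image file may carry PHP code that a misconfigured server will execute. The validator below is an added example written for this page; it is not WordPress core code and not a patch from the ticket. The extension allow-list, the set of script extensions refused anywhere in a name (the ALLOW_UNFILTERED_UPLOADS-style double-extension case, e.g. "shell.php.gif", which an Apache AddHandler for .php will still run), the PHP tag patterns and all sample files are constructed assumptions for illustration.

```python
"""
Content-level upload validator for an image-only uploads directory.
Added example for the wp-trac #21981 discussion; not WordPress code.
Checks, in order: extension allow-list, script extension hidden in the
name, leading magic bytes matching the extension, and PHP tags in the body.
"""
import re

# Constructed allow-list: image extensions and the magic bytes each must start with.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Constructed list of extensions that must not appear anywhere in the filename:
# with "AddHandler application/x-httpd-php .php" in Apache, "shell.php.gif"
# is handed to PHP regardless of the final .gif extension.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py", "sh"}

# PHP open tags: full tag, echo tag, short tag (assumed enabled), and the
# old <script language="php"> form. Case-insensitive, matched on raw bytes.
PHP_TAG = re.compile(
    rb"<\?(?:php\b|=|\s)|<script[^>]+language\s*=\s*['\"]?php",
    re.IGNORECASE,
)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an upload with the given name and bytes."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False, "no extension"
    ext = parts[-1]
    if ext not in MAGIC:
        return False, f"extension .{ext} not allowed"
    # Any script extension between the base name and the final extension.
    if any(p in SCRIPT_EXTS for p in parts[1:-1]):
        return False, "script extension embedded in filename"
    # The body must begin with the signature of the type the name claims.
    if not data.startswith(MAGIC[ext]):
        return False, f"content does not look like a .{ext}"
    # A structurally valid image can still carry PHP after its header;
    # that is the ".gif containing PHP code" case from the comment.
    if PHP_TAG.search(data):
        return False, "PHP code embedded in image"
    return True, "ok"


# Constructed sample uploads (not real files from any site).
GOOD_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16
POLYGLOT_GIF = b"GIF89a" + b"\x01\x00\x01\x00" + b"<?php echo 'executed'; ?>"
SAMPLES = {
    "photo.gif": GOOD_GIF,
    "polyglot.gif": POLYGLOT_GIF,
    "shell.php.gif": GOOD_GIF,
    "backdoor.php": b"<?php echo 1; ?>",
    "fake.png": GOOD_GIF,
}


def run_samples() -> dict[str, tuple[bool, str]]:
    """Validate every constructed sample and return the verdicts by name."""
    return {name: validate_upload(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{name:16} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Because the check reads the bytes, it applies whatever the web server does with the file afterwards; the .htaccess approach the ticket discusses only helps on servers that honour it, which is the limitation the comment points out.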