[wp-trac] [WordPress Trac] #21981: Securing the uploads directory
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 25 01:19:43 UTC 2012
#21981: Securing the uploads directory
-------------------------+----------------------
Reporter: japh | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution: wontfix
Keywords: |
-------------------------+----------------------
Comment (by dd32):
> A compromised user account can use scripts in /uploads/ to exploit the
> installation.
If they get access to an Administrator WordPress login, they'll have
access to the Theme/Plugin editor on most hosts, but unless the site
specifically has ALLOW_UNFILTERED_UPLOADS enabled (it's off by default)
they won't be able to upload a .php file.
That being said, since WordPress doesn't do mime checking on the uploaded
files, it's still possible with some poorly configured CGI environments to
upload a .gif (or similar) which contains PHP code to be executed -
.htaccess can't help that scenario though.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21981#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
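As an added example (not code from WordPress core or from dd32's comment), this is the kind of server-side content check the comment says WordPress does not do: it verifies that an upload named like an image really is one and rejects image files that carry PHP open tags. The function and variable names are assumed, not WordPress APIs.

```php
<?php
// Added example (not WordPress core code): content checks for an uploaded
// "image" that complement the extension filter ALLOW_UNFILTERED_UPLOADS controls.
// Function and variable names here are hypothetical.

/**
 * Returns an empty array when $tmpPath looks like a genuine image, otherwise
 * a list of reasons to reject it. $clientName is the filename the browser sent.
 */
function validate_image_upload(string $tmpPath, string $clientName): array
{
    // Extension allowlist and the MIME type each one must really carry.
    $allowed = [
        'gif'  => 'image/gif',
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
    ];
    $errors = [];

    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        $errors[] = "extension '$ext' is not allowed";
    }

    // Sniff the real content type from the bytes, not from the name.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmpPath);
    if (isset($allowed[$ext]) && $detected !== $allowed[$ext]) {
        $errors[] = "content type $detected does not match .$ext";
    }

    // A decodable image header is a further sign the file is what it claims.
    if (@getimagesize($tmpPath) === false) {
        $errors[] = 'file is not a decodable image';
    }

    // A valid GIF with PHP appended passes both checks above, so look for
    // PHP open tags anywhere in the data (the "GIF containing PHP" case).
    $data = file_get_contents($tmpPath);
    if (preg_match('/<\?(php|=)|<script[^>]*language\s*=\s*["\']?php/i', $data)) {
        $errors[] = 'file contains PHP code';
    }

    return $errors;
}
```

Such a check limits what reaches the uploads directory, but the comment's caveat still stands: a CGI setup that executes non-.php files has to be corrected at the web-server level as well.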