0day poc exploit jQuery File Upload vulnerability

Started by 2dmaster, October 19, 2018, 22:34:37 PM

2dmaster

Pls report to Joomla if needed

https://xakep.ru/2018/10/19/jquery-file-upload/?amp

You can see many videos on YouTube about this topic

Studio 42

I found some other upload plugins having the same type of vulnerability.
The problem is not the script, it's the possibility to upload any files.
If you verify the uploaded files (using exif or getimagesize) it's not a problem; only the dumb don't check uploaded files, and all scripts have potential vulnerabilities. VM permits uploading any type of file, so VM is vulnerable by default if an admin sends a file.
But do you verify all the free plugins, modules and components you download and install in Joomla? I have already found vulnerabilities in more than 10 Joomla websites because of these free extensions (and some paid), and some of the companies are well known in the Joomla/VM community.
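An added example, not part of the thread and not code from Joomla, VirtueMart or jQuery File Upload: a server-side PHP handler that applies the `getimagesize` check mentioned above and takes the stored extension from the detected image type instead of the client-supplied name. The function name, the `file` form field, the size limit and the `/var/www/upload-data` directory (assumed to sit outside the web root) are assumptions for illustration.

```php
<?php
// Added example: validate an uploaded image before storing it.
// store_uploaded_image(), the size limit and the paths are hypothetical.

function store_uploaded_image(array $file, string $uploadDir, int $maxBytes = 5242880): string
{
    // Detected image type => extension the file will be stored under.
    $allowed = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Accept only a file PHP itself received through HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('size out of range');
    }
    // getimagesize() reads the image header; index 2 is an IMAGETYPE_* constant.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !array_key_exists($info[2], $allowed)) {
        throw new RuntimeException('not an allowed image type');
    }
    // Never reuse the client-supplied name or extension (e.g. "shell.php"):
    // random basename, extension derived from the detected type.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the application, not executable
    return $name;
}

// Usage: 'file' is the assumed name of the form field.
if (isset($_FILES['file'])) {
    try {
        $stored = store_uploaded_image($_FILES['file'], '/var/www/upload-data');
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```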