Last week, I had a talk in Bochum University about file upload vulnerabilities. I am going to share the slides and clips with you as they are already public via HackPra website:
I have been told that the video will be available soon as well. I really recommend that you see the other talks in that website too.
Here are my slides in different formats:
Download the Power Point format
Download the PDF format
In this talk, I had revealed some 0days as examples (vendors already know about these issues):
- File Upload Protection bypass in FCKEditor 2.6.8 ASP version (Mostafa Azizi, Soroush Dalili) [Page 53 of Power Point file]
- Denial of Service issue in FCKEditor 2.6.8/CKFinder 2.3 (Soroush Dalili) [Page 54 of Power Point file]
- Directory Traversal in GleamTech Filevista (Soroush Dalili) [Page 22 of Power Point file]
You may be able to find similar issues in other web applications that have file upload functionality by using some of these methods.
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:
In “config.asp”, wherever you have:
ConfigAllowedExtensions.Add “File”,”Extensions Here”
Change it to:
ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”
Here you are: http://www.rubcast.rub.de/index2.php?id=1081