Full Disclosure

Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

April 5, 2015 007admin Leave a comment

Posted by Larry W. Cashdollar on Apr 05

Hello Folks,

You can get php execution by using the file extension .phtml for both of these advisories. I’m currently updating the
advisories and the vendor.

Try using an uncommon extension not defined in /etc/mime.types.

$ grep “#app” /etc/mime.types
#application/vnd.ms-pki.stl stl
#application/x-httpd-eruby rhtml
#application/x-httpd-php…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information