Re: [Bug-wget] Wget - access list bypass / race condition PoC

From: moparisthebest
Subject: Re: [Bug-wget] Wget - access list bypass / race condition PoC
Date: Mon, 15 Aug 2016 10:02:55 -0400


I find it extremely hard to call this a wget vulnerability when SO many
other things are wrong with that 'vulnerable code' implementation it
isn't even funny:

1. The image_importer.php script takes a single argument, why would it
download with the recursive switch turned on?  Isn't that clearly a bug
in the php script?  Has a php script like this that downloads all files
from a website of a particular extension ever been observed in the wild?

2. A *well* configured server would have a whitelist of .php files it
will execute, making it immune to this.  A *decently* configured server
would always at a minimum make sure they don't execute code in
directories with user provided uploads in them.  So it's additionally a
bug in the server configuration. (incidentally every php package I've
downloaded has at minimum a .htaccess in upload directories to prevent
this kind of thing with apache)

It seems to me like there have always been plenty of ways to shoot
yourself in the foot with PHP, and this is just another iteration on a

Just my 2 cents,
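
The server-side check from point 2, as an added example that is not part of the original message or of wget: it lists script-like files under an upload directory and reports whether an .htaccess blocks PHP execution there. The function names, the extension list and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Names that Apache may hand to PHP: .php/.php5/.phtml/.phar, including double
# extensions such as "x.php.jpg" (assumed mapping; match it to your handler config).
SCRIPT_NAME = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
# .htaccess directives that switch PHP execution off (heuristic, not a full parser).
BLOCKER = re.compile(
    r"^\s*(php_flag\s+engine\s+(off|0)|SetHandler\s+(none|default-handler)"
    r"|RemoveHandler\s+.*\.php)", re.I | re.M)

def audit_upload_dir(root):
    """Return [(script_path, protected)] for script-like files under root.

    protected is True when the file's directory, or a parent inside root, has an
    .htaccess with a blocking directive. Assumes AllowOverride lets it apply.
    """
    root = os.path.abspath(root)
    protected, findings = set(), []
    for dirpath, _dirs, files in os.walk(root):  # top-down: parents come first
        blocked = os.path.dirname(dirpath) in protected
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                blocked = blocked or bool(BLOCKER.search(fh.read()))
        if blocked:
            protected.add(dirpath)
        findings += [(os.path.join(dirpath, n), blocked)
                     for n in files if SCRIPT_NAME.search(n)]
    return findings

def demo():
    """Audit a constructed sample tree and return results relative to it."""
    with tempfile.TemporaryDirectory() as top:
        for rel, body in [
            ("uploads/.htaccess", "# constructed sample\nphp_flag engine off\n"),
            ("uploads/a/shell.php", "<?php /* constructed */ ?>"),
            ("images/evil.php.jpg", "constructed"),
            ("images/cat.jpg", "constructed"),
        ]:
            full = os.path.join(top, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        top = os.path.realpath(top)
        return sorted((os.path.relpath(p, top).replace(os.sep, "/"), ok)
                      for p, ok in audit_upload_dir(top))

if __name__ == "__main__":
    print(demo())
```

Any entry reported with `False` is a script-like file in a directory where nothing in the .htaccess chain stops the PHP handler; a child .htaccess that re-enables PHP is not detected by this heuristic.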

