MIME type vulnerability FIXED!

Posted on January 11, 2011. Filed under: Programming

Hi Everyone,

Within the past few days, I found out that some hackers used a security vulnerability in my Easy File Uploader to hack into someone’s site. The site had made the uploader available to all users, including non-registered (guest) users. Unfortunately, although my module checked for the file’s MIME type, the way it did it was through the form’s submission metadata. As a result of that, the hackers were able to tamper with this data by changing the metadata after it was submitted, but before the server received it. As a result of that, I had to change the method in which the MIME type of the file was verified.

I must give credit to Jeff Channell for providing the original code, which I tweaked a tiny bit for my purposes, to verify the MIME type. Essentially, what the new code does is to interrogate the actual file after it is downloaded in order to get its MIME type directly from it. This ignores the submitted metadata, and verifies the file’s true MIME type. Thus, the module won’t be fooled by any tampering.
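The difference between the two checks, as an added example that is not the Easy File Uploader's code or Jeff Channell's: the first function trusts the `type` field of PHP's `$_FILES` entry, which is copied from the request, and the second reads the type from the stored bytes with PHP's `finfo`. The allow-list, the function names and the sample file are assumptions, and the extension comparison goes one step beyond what the post describes.

```php
<?php
// Added illustration. Allow-list of content types and the extensions
// permitted for each one (assumed values, adjust to the site's needs).
const ALLOWED_TYPES = [
    'image/jpeg'      => ['jpg', 'jpeg'],
    'image/png'       => ['png'],
    'application/pdf' => ['pdf'],
];

// Weak check: $file['type'] is copied from the Content-Type header of the
// multipart part, so whoever sends the request decides what it says.
function isAllowedByClientMetadata(array $file): bool
{
    return isset(ALLOWED_TYPES[$file['type']]);
}

// Stronger check for a real upload: confirm PHP itself stored the file,
// then judge it by its content instead of the submitted metadata.
function isAllowedByContent(array $file): bool
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    return contentMatchesName($file['tmp_name'], $file['name']);
}

// Detect the type from the file's bytes and require the extension the
// client supplied to be one that is allowed for that detected type.
function contentMatchesName(string $path, string $clientName): bool
{
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($detected === false || !isset(ALLOWED_TYPES[$detected])) {
        return false;
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_TYPES[$detected], true);
}

// Constructed sample: a plain-text file whose metadata claims to be a JPEG.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "This is plain text, not an image.\n");
$sample = ['name' => 'photo.jpg', 'type' => 'image/jpeg',
           'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];

var_dump(isAllowedByClientMetadata($sample));        // decision from client metadata
var_dump(contentMatchesName($tmp, $sample['name'])); // decision from file content
unlink($tmp);
```

`contentMatchesName()` is called directly in the demonstration because `is_uploaded_file()` only accepts files that arrived through an actual HTTP POST; in a request handler, call `isAllowedByContent($_FILES['...'])` instead.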

As an additional security measure, I replaced direct PHP function calls with Joomla’s API calls for key parts of the module. This should make the module more secure overall, so that persons can enjoy its use worry-free!

Feel free to download and use the Easy File Uploader module. Also, you can check out my equally secure Easy Flash Uploader plugin, as well.

God Bless!
