[Maybe] Uploadify Vulnerability

Status
Not open for further replies.

Danny.Domb

Founder license
License owner

Rodolfo

The Chevere Guru
Chevereto Staff
People love to nail down false or totally invalid reports on well know scripts. In this case this is not a uploadify error because uploadify only handles the submission of the content and the basic file validation like file type and file size. That content can be easily fake and make believe uploadify that those content is ok, but is the same as the files method. Uploadify needs (and every script like that) a server side verification.

But for the people is easy to say that Uploadify has a exploit instead of telling the true story, that the problem is the Wordpress Plugin. I don't know, this people take this security issue and exploits reports like a race when you report almost anything stupid or invalid just to count +1, no one checks it and they claim fast in google search.

I don't know why we have so many people doing this stupid exploit reports instead of people actually coding. As a developer I told you that almost every exploit report is not actually a exploit or is not well documented, or is invalid. People often post "Exploit in Wordpress!" and in the fine print it says "only affects WP in php 5.2.1.7.58 DEV 654685456 on Windows XP".... A little bit of common sense here?
 
Status
Not open for further replies.
Top