Description
From the publishers site:
Swanson Share is a file hoster that allows you to upload a file
that can only be downloaded once before it is deleted.
All downloads are secured, so you can use Swanson Share to distribute digital downloads.
Problem
Secured, eh? We certainly have a very different view on what “secure” means.
The script allows visitors to upload php-script files (strike 1), stores them in a publicly viewable folder under the web root, only prepending a random number in front of the original filename (strike 2) and upon download of the file, includes the file and thus runs any and all php-code inside (strike 3, you’re out!)
An attacker could easily write up a script to drop a php-shell on the remote server, and have that script run by first uploading and then downloading the file.
Continue reading ‘Swanson Share malicious code execution vulnerability’