check upload for double extensions is not working

4 months 1 day ago #6945 by yogitha
Hi

In the file upload scanner, the check for double extensions is not working.

4 months 1 day ago #6946 by Jose
Hi yogitha,

Can you give me more details to reproduce your issue?

Regards,
Jose

2 months 1 week ago #7091 by yogitha
Hi Jose,
Sorry. I missed your reply.
You can reproduce by:
Log in to the Joomla website.
In any form with a file upload, try to upload a file with multiple extensions, e.g. abc.pdf.docx or abc.pdf.exe.
The upload scanner, with "Check multiple extensions" set to Yes, is unable to stop the file upload.
We are facing this issue. Please help us.

2 months 1 week ago #7092 by Jose
Hi yogitha,

Which component do you use? Maybe it doesn't have good file validation. Joomla allows uploading only authorized extensions through its file manager in the backend...

Regards,
Jose

2 months 1 week ago #7093 by yogitha
Hi Jose,
Yes. Inadvertently I opened another tag. Please ignore the other one.
As seen in your reply to the other post, Securitycheck Pro avoids only double extensions with PHP files, e.g. abc.doc.php or abc.php.php.
But our problem is that the allowed extensions are: doc, xls, pdf etc.
Now Joomla is checking only the last extension, e.g. abc.doc.xls is allowed as the last extension is xls, which is permitted.
It is not checking for double extensions. We need to restrict it to address a security audit. Please help us.
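
The gap described in the post above (only the last extension is compared against the allowed list), as an added example that is not part of the original thread and is not Joomla or Securitycheck Pro code: a plain-PHP check that accepts a name only when it has exactly one allowlisted extension. The function name `checkUploadName`, the allowlist and the sample filenames are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of Joomla or Securitycheck Pro.
// Returns [accepted, reason] for a client-supplied upload filename.
function checkUploadName(string $name, array $allowed): array
{
    // Keep only the final path component so directories cannot hide extra dots.
    $base = basename(str_replace('\\', '/', $name));

    // Control characters (including NUL) can truncate the name in later handling.
    if ($base === '' || preg_match('/[\x00-\x1F\x7F]/', $base) === 1) {
        return [false, 'empty name or control character'];
    }
    // Windows drops trailing dots and spaces, which changes the effective extension.
    if ($base !== rtrim($base, '. ')) {
        return [false, 'trailing dot or space'];
    }

    $parts = explode('.', $base);
    if (count($parts) < 2 || $parts[0] === '') {
        return [false, 'missing name or extension'];
    }
    // Checking only the last segment is what lets abc.doc.xls through;
    // here every additional dot-separated segment is a rejection.
    if (count($parts) > 2) {
        return [false, 'multiple extensions'];
    }
    if (!in_array(strtolower($parts[1]), $allowed, true)) {
        return [false, 'extension not in allowlist'];
    }
    return [true, 'ok'];
}

// Constructed allowlist and filenames, based on the names quoted in the thread.
$allowed = ['doc', 'docx', 'xls', 'pdf'];
$samples = ['abc.pdf', 'abc.PDF', 'abc.pdf.docx', 'abc.pdf.exe',
            'abc.doc.xls', 'abc.doc.php', 'abc.pdf.', 'abc'];

foreach ($samples as $file) {
    [$ok, $reason] = checkUploadName($file, $allowed);
    printf("%-14s %s (%s)\n", $file, $ok ? 'ACCEPT' : 'REJECT', $reason);
}
```

This strict rule also rejects legitimate names that contain extra dots, such as report.v2.pdf, so it suits sites where the audit requirement outweighs that inconvenience.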

2 months 6 days ago #7094 by Jose
Ok, I understand your problem.

But I need more info:

- Is everybody (guest users) able to upload files?

- Do you have any extension to upload files from the frontend, or do you use custom fields?

I want to configure a test environment like yours.

Regards,
Jose
