check upload for double extensions is not working
- yogitha
- Topic Author
In file upload scanner, check for double extensions is not working.
- Jose
- Administrator
Can you give me more details to reproduce your issue?
Regards,
Jose
- yogitha
- Topic Author
Sorry. I missed your reply.
You can reproduce it as follows:
Log in to the Joomla website.
In any form with a file upload, try to upload a file with multiple extensions, e.g. abc.pdf.docx or abc.pdf.exe.
The upload scanner, with "Check multiple extensions" set to Yes, is unable to stop the file upload.
We are facing this issue. Please help us.
- Jose
- Administrator
Which component do you use? Maybe it doesn't have good file validation. Joomla allows uploading only authorized extensions through its file manager in the backend...
Regards,
Jose
- yogitha
- Topic Author
Yes. I inadvertently opened another tag. Please ignore the other one.
As seen in your reply to the other post, Securitycheck Pro avoids only double extensions with PHP files, e.g. abc.doc.php or abc.php.php.
But our problem is that the allowed extensions are doc, xls, pdf, etc.
Now Joomla is checking only the last extension, e.g. abc.doc.xls is allowed because the last extension is xls, which is permitted.
It is not checking for double extensions. We need to restrict this to address a security audit. Please help us.
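
The policy requested in the post above (refuse any name with more than one extension, even when every extension is on the allow-list), as an added example that is not part of the original thread and is not Joomla or Securitycheck Pro code. The function name `uploadNameRejection` and the allow-list are assumptions for illustration.

```php
<?php
// Added example: strict upload-name policy (hypothetical helper, not Joomla or Securitycheck Pro code).
// Assumed allow-list, taken from the extensions named in the thread.
const ALLOWED_EXTENSIONS = ['doc', 'xls', 'pdf'];

/**
 * Returns null when the name is acceptable, otherwise the reason for rejection.
 */
function uploadNameRejection(string $clientName, array $allowed = ALLOWED_EXTENSIONS): ?string
{
    // Control characters (including NUL) have no place in a file name.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return 'control character in name';
    }
    // Drop any client-supplied directory part ("/" or "\").
    $name = preg_replace('#^.*[\\\\/]#', '', $clientName);
    // Windows silently strips trailing dots and spaces, so "a.exe." would be stored as "a.exe".
    if ($name !== rtrim($name, '. ')) {
        return 'trailing dot or space';
    }
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return 'missing base name or extension';
    }
    // Exactly one dot-separated extension: "abc.doc.xls" has two and is refused
    // even though both are allowed. This also refuses names such as "report.v2.pdf".
    if (count($parts) > 2) {
        return 'multiple extensions';
    }
    // Case-insensitive comparison against the allow-list.
    if (!in_array(strtolower($parts[1]), $allowed, true)) {
        return 'extension not allowed';
    }
    return null;
}

// Constructed sample names, including the ones mentioned in the thread.
$samples = ['abc.pdf', 'ABC.PDF', 'abc.pdf.docx', 'abc.pdf.exe', 'abc.doc.xls',
            'abc.doc.php', 'abc.pdf.', '.pdf', 'abc'];
foreach ($samples as $sample) {
    $reason = uploadNameRejection($sample);
    printf("%-14s %s\n", $sample, $reason === null ? 'accept' : "reject: $reason");
}
```

Where such a check would run depends on the upload component, which the thread does not identify.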
- Jose
- Administrator
But I need more info:
- Is everybody (guest users) able to upload files?
- Do you have any extension to upload files from frontend or do you use custom fields?
I want to configure a test environment like yours.
Regards,
Jose