- Posts: 8
- Thank you received: 0
- Home
- /
- Forum
- /
- Securitycheck Pro
- /
- Bug report
- /
- Incorrect visitor IP if website uses CloudFlare
check upload for double extensions is not working
- yogitha
-
Topic Author
- Offline
- New Member
-
Less
More
1 year 6 months ago #6945
by yogitha
check upload for double extensions is not working was created by yogitha
Hi
In file upload scanner, check for double extensions is not working.
In file upload scanner, check for double extensions is not working.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4086
- Thank you received: 316
1 year 6 months ago #6946
by Jose
Replied by Jose on topic check upload for double extensions is not working
Hi yogitha,
Can you give me more details to reproduce your issue?
Regards,
Jose
Can you give me more details to reproduce your issue?
Regards,
Jose
Please Log in or Create an account to join the conversation.
- yogitha
-
Topic Author
- Offline
- New Member
-
Less
More
- Posts: 8
- Thank you received: 0
1 year 4 months ago #7091
by yogitha
Replied by yogitha on topic check upload for double extensions is not working
Hi Jose,
Sorry.I missed your reply.
You can reproduce by:
login to joomla website.
in any form with file upload, try to upload a file with multiple extensions ex: abc.pdf.docx OR abc.pdf.exe
the upload scanner set yes to Check multiple extensions unable to stop file upload.
we are facing this issue. pl help us.
Sorry.I missed your reply.
You can reproduce by:
login to joomla website.
in any form with file upload, try to upload a file with multiple extensions ex: abc.pdf.docx OR abc.pdf.exe
the upload scanner set yes to Check multiple extensions unable to stop file upload.
we are facing this issue. pl help us.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4086
- Thank you received: 316
1 year 4 months ago #7092
by Jose
Replied by Jose on topic check upload for double extensions is not working
Hi yogitha,
Which component do you use? Maybe doesn't have a good file validation. Joomla allows to upload only authorized extensions through its file manager in backend...
Regards,
Jose
Which component do you use? Maybe doesn't have a good file validation. Joomla allows to upload only authorized extensions through its file manager in backend...
Regards,
Jose
Please Log in or Create an account to join the conversation.
- yogitha
-
Topic Author
- Offline
- New Member
-
Less
More
- Posts: 8
- Thank you received: 0
1 year 4 months ago #7093
by yogitha
Replied by yogitha on topic check upload for double extensions is not working
Hi Jose,
Yes. Inadvertently I opened another tag. pl ignore other one.
as seen your reply to other post, security checkpro avoids only double extensions with php files ex. abc.doc.php or abc.php.php.
but our problem is allowed extensions are: doc, xls, pdf etc.
Now joomla is checking only last extension ex: abc.doc.xls is allowed as last extension is xls which is permitted.
it is not checking for double extensions. we need to restrict it to address security audit. pl help us.
Yes. Inadvertently I opened another tag. pl ignore other one.
as seen your reply to other post, security checkpro avoids only double extensions with php files ex. abc.doc.php or abc.php.php.
but our problem is allowed extensions are: doc, xls, pdf etc.
Now joomla is checking only last extension ex: abc.doc.xls is allowed as last extension is xls which is permitted.
it is not checking for double extensions. we need to restrict it to address security audit. pl help us.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4086
- Thank you received: 316
1 year 4 months ago #7094
by Jose
Replied by Jose on topic check upload for double extensions is not working
Ok, I understand your problem.
But I need more info:
- Everybody (guests users) is able to upload files?
- Do you have any extension to upload files from frontend or do you use custom fields?
I want to configure a test environment like yours.
Regards,
Jose
But I need more info:
- Everybody (guests users) is able to upload files?
- Do you have any extension to upload files from frontend or do you use custom fields?
I want to configure a test environment like yours.
Regards,
Jose
Please Log in or Create an account to join the conversation.
Time to create page: 0.097 seconds