Last week, I gave a talk at Bochum University about file upload vulnerabilities. I am going to share the slides and clips with you, as they are already public via the HackPra website:
http://www.nds.ruhr-uni-bochum.de/teaching/hackpra/
I have been told that the video will be available soon as well. I really recommend that you watch the other talks on that website too.
Here are my slides in different formats:
Download the PowerPoint format
In this talk, I revealed some 0days as examples (vendors already know about these issues):
– File Upload Protection bypass in FCKEditor 2.6.8 ASP version (Mostafa Azizi, Soroush Dalili) [Page 53 of PowerPoint file]
– Denial of Service issue in FCKEditor 2.6.8/CKFinder 2.3 (Soroush Dalili) [Page 54 of PowerPoint file]
– Directory Traversal in GleamTech Filevista (Soroush Dalili) [Page 22 of PowerPoint file]
You may be able to find similar issues in other web applications that have file upload functionality by using some of these methods.
—–
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:
In “config.asp”, wherever you have:
   ConfigAllowedExtensions.Add "File", "Extensions Here"
Change it to:
   ConfigAllowedExtensions.Add "File", "^(Extensions Here)$"
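
As an added example (not from the talk or the FCKEditor code base), the Python script below audits a config.asp for allow-list values that lack the ^(...)$ wrapper from the quick patch, and shows the difference the wrapper makes. It assumes the configured value is evaluated as a case-insensitive regular-expression search against the file extension; the sample config lines and the "zipx" extension are constructed, and the function names are hypothetical.

```python
import re

# Matches active (non-commented) lines such as:
#   ConfigAllowedExtensions.Add "File", "7z|doc|pdf"
ADD_RE = re.compile(
    r'^[ \t]*ConfigAllowedExtensions\.Add\s+"([^"]*)"\s*,\s*"([^"]*)"',
    re.IGNORECASE | re.MULTILINE,
)

def is_anchored(pattern):
    """True only if one group spans the whole pattern: ^( ... )$."""
    if not (pattern.startswith("^(") and pattern.endswith(")$")):
        return False
    body, depth = pattern[1:-1], 0
    for i, ch in enumerate(body):  # escaped parentheses are not handled
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0 and i != len(body) - 1:
                return False  # first group closed early, e.g. ^(a)|(b)$
    return depth == 0

def anchor(pattern):
    """Apply the quick patch to an unanchored value."""
    return pattern if is_anchored(pattern) else "^(" + pattern + ")$"

def extension_allowed(pattern, ext):
    # Assumption: the value is used as a case-insensitive regex search
    return re.search(pattern, ext, re.IGNORECASE) is not None

def audit(config_text):
    """Return (resource type, value, anchored?) for every allow-list entry."""
    return [(m.group(1), m.group(2), is_anchored(m.group(2)))
            for m in ADD_RE.finditer(config_text)]

# Constructed sample, not a real config.asp
SAMPLE_CONFIG = '''
ConfigAllowedExtensions.Add "File", "7z|doc|pdf|zip"
ConfigAllowedExtensions.Add "Image", "^(bmp|gif|jpeg|jpg|png)$"
ConfigAllowedExtensions.Add "Flash", "^(swf)|(flv)$"
'''

if __name__ == "__main__":
    for rtype, value, ok in audit(SAMPLE_CONFIG):
        print(f"{rtype:6} {'ok' if ok else 'UNANCHORED':10} {value}")
    # "zipx" is a constructed extension that merely contains an allowed one
    print(extension_allowed("7z|doc|pdf|zip", "zipx"))          # True
    print(extension_allowed(anchor("7z|doc|pdf|zip"), "zipx"))  # False
```

The third sample line is flagged even though it starts with ^( and ends with )$, because each anchor binds to only one side of the alternation.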