U4-9212 - Unrestricted File Upload Vulnerability

Created by Sebastiaan Janssen 22 Nov 2016, 13:02:21 Updated by Sebastiaan Janssen 07 Dec 2016, 10:21:53

Tags: Unscheduled

Uploading a file with the following contents and the name index.html does not work, it's rejected on the server due to the .html file extension being restricted. However if you capture the request in Fiddler and re-issue it with the filename changed to index.html with a space after it, it's accepted and stored as index.html without a space after it. We need to trim the extra trailing space.

1 Attachments


Sebastiaan Janssen 22 Nov 2016, 13:32:03

Fixed in: https://github.com/umbraco/Umbraco-CMS/commit/a2a4ad39476f4a18c8fe2c04d42f6fa635551b63

Shannon Deminick 28 Nov 2016, 10:02:31

yup looks good

Priority: Major

Type: Bug

State: Fixed


Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.5.5

Sprint: Sprint 47

Story Points: