CVE-2006-3070
CVE-2006-3070
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=full-disclosure&m=115044567831726&w=2http://secunia.com/advisories/20592http://securecast.wins21.com/zerovul.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27038http://www.securityfocus.com/archive/1/437442/30/4320/threadedhttp://www.securityfocus.com/bid/18465http://www.vupen.com/english/advisories/2006/2318