
Thousands of Applications Vulnerable to RCE via jQuery File Upload

ib4

#1
The flaw has existed for eight years thanks to a security change in Apache.

A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 different software applications at risk for compromise and remote code-execution (RCE).

jQuery File Upload is a user-contributed open-source package for software developers that describes itself as a “file upload widget with multiple file selection, drag-and-drop support, progress bars, validation and preview images, and audio and video for jQuery.” It works with any server-side platform that supports standard HTML-form file uploads, such as PHP, Python, Ruby on Rails, Java and Node.js.

Akamai Security Intelligence Response Team (SIRT) researcher Larry Cashdollar took a closer look at two PHP files in the package – Upload.php and UploadHandler.php – under the directory server/php path within the code, and found a glaring vulnerability.

------------------------------------------------------------------
More @
https://threatpost.com/thousands-of-applications-vulnerable-to-rce-via-jquery-file-upload/138501/
 
#2
Every day we're under some kind of attack. I think we did this to ourselves. Technology once freed us, now it imprisons us! We should have secured our technology before we moved forward.
 

MisterFister

#3
I like it. Imagine a world with impenetrable technology and 100% security. Be careful what you ask for.
 

MaxPower

#4
> Every day we're under some kind of attack. I think we did this to ourselves. Technology once freed us, now it imprisons us! We should have secured our technology before we moved forward.
Tell that to everyone who immediately embraced IoT devices. The story's the same.