Headlines Thousands of Applications Vulnerable to RCE via jQuery File Upload

ib4

The flaw has existed for eight years thanks to a security change in Apache.

A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 different software applications at risk for compromise and remote code-execution (RCE).

jQuery File Upload is a user-contributed open-source package for software developers that describes itself as a “file upload widget with multiple file selection, drag-and-drop support, progress bars, validation and preview images, and audio and video for jQuery.” It works with any server-side platform that supports standard HTML-form file uploads, such as PHP, Python, Ruby on Rails, Java and Node.js.

Akamai Security Intelligence Response Team (SIRT) researcher Larry Cashdollar took a closer look at two PHP files in the package – Upload.php and UploadHandler.php – under the directory server/php path within the code, and found a glaring vulnerability.

------------------------------------------------------------------
More @
https://threatpost.com/thousands-of-applications-vulnerable-to-rce-via-jquery-file-upload/138501/
 

TooSmartGuile

Every day we're under some kind of attack. I think we did this to ourselves. Technology once freed us, now it imprisons us! We should have secured our technology before we moved forward.
 

MisterFister

I like it. Imagine a world with impenetrable technology and 100% security. Be careful what you ask for.
 

MaxPower

Every day we're under some kind of attack. I think we did this to ourselves. Technology once freed us, now it imprisons us! We should have secured our technology before we moved forward.
Tell that to everyone who immediately embraced IoT devices. The story's the same.