jQuery File Upload Plugin Bugged for 8 YEARS!!!

Windows Articles

How to enable and disable SMB1/SMB2 in Windows 10

Hello! Windows 10 is an operating system that integrates various protocols to ensure its use with internal and external processes. Indeed, one...

Install Wine 5 on Debian 10

Hi, folks. In this post, I will help you install Wine 5 on Debian 10. Wine is one of...

Is ReactOS a real alternative to Windows?

Oh! The eternal struggle of computer operating systems. Windows vs. GNU/Linux and Mac as a distant spectator However, there are also interesting...

How to install Firebird on Ubuntu 20.04/ 18.04?

Database management systems are sufficient for many kinds of projects. Of course, they abound with MySQL / MariaDB or PostgreSQL popular but...

How to disable Firewall in Windows Server 2019/2016

Hello! The Firewall performs an essential security task on any version of Windows Server. In fact, it has the mission of preventing...

jQuery is one of the most popular JavaScript frameworks out there. There are tons of features to enjoy and of course, there are numerous extensions that take advantage of those for building all the awesome websites we enjoy. However, security researchers recently discovered a very crucial bug that’s been present for years!

This bug affects the popular jQuery File Upload widget. Using the widget, an attacker could easily upload arbitrary files on web servers including command shells for sending out commands!

Bug from 8-years-old security upgrade

A security researcher with Akamai’s SIRT (Security Intelligence Response Team), Larry Cashdollar, identified the flaw when he was analyzing the widget’s code and successfully uploaded a web shell and run commands on a test server.

Together with Sebastian Tschan, the dev of the plugin, the security researcher discovered the flaw was a part of the change in Apache 2.3.9 that disabled the “.htaccess” by default. The file would store folder-related security settings.

The reason for the change was to protect the system config of the admins by disabling the users to customize security settings on individual folders. It was also meant to improve performance since the server didn’t have to check “.htaccess” file while accessing a directory.

After the disabling of checking “.htaccess” files, the jQuery File Upload plugin also no longer benefited from the feature. Then, it would add files to the root directory.

The bug is tracked as CVE-2018-9206.

The impact on the community

The jQuery File Upload plugin was so popular that it got thousands of derivatives and many of them are still carrying the flawed code. There are currently about 7,800 variations. According to Cashdollar, there are still cases where the vulnerability exists even if the original code was changed for meeting customer needs.

The researcher also published a proof-of-concept exploit that exploits the widget and uploads a PHP shell. There’re currently 3 common variations of all the forks of jQuery File Upload.

The fix

Thankfully, the bug is fixed in the latest version of the jQuery File Upload. Get the latest version of the widget.

By default, the updated widget allows only image files (JPG, JPEG, GIF, and PNG) to be uploaded by default. For adding other file types, the dev also provides an in-depth guide.

More articles

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

How to enable and disable SMB1/SMB2 in Windows 10

Hello! Windows 10 is an operating system that integrates various protocols to ensure its use with internal and external processes. Indeed, one...

Install Wine 5 on Debian 10

Hi, folks. In this post, I will help you install Wine 5 on Debian 10. Wine is one of...

Is ReactOS a real alternative to Windows?

Oh! The eternal struggle of computer operating systems. Windows vs. GNU/Linux and Mac as a distant spectator However, there are also interesting...

How to install Firebird on Ubuntu 20.04/ 18.04?

Database management systems are sufficient for many kinds of projects. Of course, they abound with MySQL / MariaDB or PostgreSQL popular but...

How to disable Firewall in Windows Server 2019/2016

Hello! The Firewall performs an essential security task on any version of Windows Server. In fact, it has the mission of preventing...