Thanks for the replying Shawn.
I am glad to hear this, in fact, as the sites say the solutions should be...
- The application should use whitelisting technique which compare the file extensions and mime types aganist
- acceptable mime types and extensions for more information google for "whitelisting vs blacklisting
Anyway, I'm going to look around to report other stuff about hypothetical GS vulnerabilities.
I am glad to hear this, in fact, as the sites say the solutions should be...
- The application should use whitelisting technique which compare the file extensions and mime types aganist
- acceptable mime types and extensions for more information google for "whitelisting vs blacklisting
Anyway, I'm going to look around to report other stuff about hypothetical GS vulnerabilities.
(2013-12-26, 14:13:43)shawn_a Wrote: IMHO it's a bullshit vulnerability.
Regardless, we now have whitelist capability in later versions.
My website made with GetSimple CMS is
Arte & Società
www.artesocieta.eu
An indipendent website about Italian Contemporary Visual Arts
Arte & Società
www.artesocieta.eu
An indipendent website about Italian Contemporary Visual Arts