Security bug

Look here if you're having trouble with BitShop
Post Reply
mike
Posts: 5
Joined: Sun Dec 27, 2015 8:23 pm

Security bug

Post by mike »

It seems your shop script accept everything to upload also php, exe, js etc i would consider this as a big security hole,also when the files get a random string.
User avatar
bitfreak
Site Admin
Posts: 98
Joined: Thu Dec 10, 2015 6:57 pm
Location: Australia
Contact:

Re: Security bug

Post by bitfreak »

I assume you are talking about the file upload in the admin area? If a smart attacker gets access to the admin area you a pretty much screwed either way. If I were to limit the types of files that could be uploaded, the attacker could just edit one of the pages and write their own upload code. If I tried to make the admin area totally secure it would just restrict the ability of the admin to edit the website.
Post Reply