Halp File Upload Script

Jonny_B

Erect Member
Oct 14, 2004
9,162
26
41
Marklar
₥76
Can anyone recommend a good file uploader script? Looking for password protected access (I can use .htaccess as long as that won't break the script), multiple file upload, and directory listing of uploaded files.
 
I'd stay away from celerondude's script. It hasn't been updated in several years and has several known security vulnerabilities possibly leading to full root on the server it is installed on (depending on the security of the server). You'd be amazed how many script kiddies and bots hammer my webhost daily looking for the script and its vulnerabilities.
 
I'd stay away from celerondude's script. It hasn't been updated in several years and has several known security vulnerabilities possibly leading to full root on the server it is installed on (depending on the security of the server). You'd be amazed how many script kiddies and bots hammer my webhost daily looking for the script and its vulnerabilities.

I know the older versions had some serious issues. You sure about the "latest" one?

edit: They have an active-ish forum, and no mention of security issues...
 
Last edited:
most of the security vulnerabilities i'm aware of were php issues more than celerondudes scripts issues, which have long since been fixed. if you're running a server from 2005, you might want to check it... otherwise, I've had the script going on my website for a long time and outside of the issues 6+ years ago, havn't had any problems since.

back then i got rooted a few times but i blame one of the random dudes on genmay with cheap hosting co's and i lost nothing in the process, just script kiddies defacing the main page (but where nice enough to create a backup).

I consider it a pretty low risk these days.
 
most of the security vulnerabilities i'm aware of were php issues more than celerondudes scripts issues, which have long since been fixed. if you're running a server from 2005, you might want to check it... otherwise, I've had the script going on my website for a long time and outside of the issues 6+ years ago, havn't had any problems since.

back then i got rooted a few times but i blame one of the random dudes on genmay with cheap hosting co's and i lost nothing in the process, just script kiddies defacing the main page (but where nice enough to create a backup).

I consider it a pretty low risk these days.

MADE2OWN FOR LIFE
 
most of the security vulnerabilities i'm aware of were php issues more than celerondudes scripts issues, which have long since been fixed. if you're running a server from 2005, you might want to check it... otherwise, I've had the script going on my website for a long time and outside of the issues 6+ years ago, havn't had any problems since.

back then i got rooted a few times but i blame one of the random dudes on genmay with cheap hosting co's and i lost nothing in the process, just script kiddies defacing the main page (but where nice enough to create a backup).

I consider it a pretty low risk these days.
are you using the 6.1 version that's still freely available, or one of the later versions that appear to be gated?
 
6.1

If you do insist on running the uploader, I highly suggest disabling public account creation. I had some Saudi retards upload h4x.php.gif and shit like that the server I used to have the uploader script on. I don't know how public uploaders can stay public without being hosed every 5 minutes by script kiddies, even with insane security controls.
 
6.1

some a-holes took celeron's free script and then expected full support for it, threatened to sue him when they failed to implement it correctly or something... hence him dropping the project. not sure what the latest versions add, 6.1 is fully functional.

i only use it for a private uploader, don't know how it handles having users register/abuse there.