GIF PHP Exploit

It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html

Best!
Sh.
--
Schraalhans Keukenmeester - sc*********@the.Spamtrapexample.nl
[Remove the lowercase part of Spamtrap to send me a message]

"strcmp('apples','oranges') < 0"

Jun 22 '07 #1
Schraalhans Keukenmeester wrote:
It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html
Best!
Sh.
Thanks.
Good warning.
I always load and resample uploaded images in GD before saving them, so I
guess my apps are safe from gif/php exploit. (More luck than wisdom.)

Thanks.

Regards,
Erwin Moller
Jun 22 '07 #2
On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html

Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.

--
gosha bine

extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok
Jun 22 '07 #3
On Jun 22, 1:41 pm, gosha bine <stereof...@gmail.com> wrote:
On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...loit-with-GIF-...
Best!
Sh.

How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.

--
gosha bine

extended php parser ~http://code.google.com/p/pihipi
blok ~http://www.tagarga.com/blok
It isn't just a simple question of examining file extensions; see the URL
below for an example. There are of course others, including execution
of PHP within JPEG comments, or just XSS within images. Some machines
are OK, some are not; it depends on your setup. Even serving the image via
a download file might not stop it on some setups.
http://milw0rm.com/video/watch.php?id=58-

Jun 22 '07 #4
On 22.06.2007 16:28 shimmyshack wrote:
On Jun 22, 1:41 pm, gosha bine <stereof...@gmail.com> wrote:
>On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
>>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...loit-with-GIF-...
Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.

--
gosha bine

extended php parser ~http://code.google.com/p/pihipi
blok ~http://www.tagarga.com/blok

It isn't just a simple question of examining file extensions; see the URL
below for an example. There are of course others, including execution
of PHP within JPEG comments, or just XSS within images. Some machines
are OK, some are not; it depends on your setup. Even serving the image via
a download file might not stop it on some setups.
http://milw0rm.com/video/watch.php?id=58-
OK, but this has nothing to do with PHP. It's just a bug in (some
obsolete version of) Internet Explorer.

--
gosha bine

extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok
Jun 22 '07 #5
On Jun 22, 4:41 pm, gosha bine <stereof...@gmail.com> wrote:
On 22.06.2007 16:28 shimmyshack wrote:
On Jun 22, 1:41 pm, gosha bine <stereof...@gmail.com> wrote:
On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...loit-with-GIF-...
Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.
--
gosha bine
extended php parser ~http://code.google.com/p/pihipi
blok ~http://www.tagarga.com/blok
It isn't just a simple question of examining file extensions; see the URL
below for an example. There are of course others, including execution
of PHP within JPEG comments, or just XSS within images. Some machines
are OK, some are not; it depends on your setup. Even serving the image via
a download file might not stop it on some setups.
http://milw0rm.com/video/watch.php?id=58-

OK, but this has nothing to do with PHP. It's just a bug in (some
obsolete version of) Internet Explorer.

--
gosha bine

extended php parser ~http://code.google.com/p/pihipi
blok ~http://www.tagarga.com/blok
The other examples do have to do with PHP. I just didn't provide any
links for them.

Jun 22 '07 #6
Rik
On Fri, 22 Jun 2007 12:57:32 +0200, Schraalhans Keukenmeester
<Sc*********@the.spamtrapexample.nl> wrote:
It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html
I've seen these claims earlier, seems to have something to do with mostly
apache on Windows. Then again, I have not been able to reproduce these
kinds of vulnerabilities without instructing Apache to parse images for
PHP. Other people have claimed their servers do that automagically, I
haven't found the reason why.

--
Rik Wasmus
Jun 22 '07 #7
Hello,

on 06/22/2007 09:41 AM gosha bine said the following:
On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html
Best!
Sh.

How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.
It is explained in the article. You can upload a specially crafted GIF
image that embeds PHP code. Many developers use the PHP getimagesize()
function to validate that the image is a GIF (or another type). The
getimagesize function will not fail, because the crafted image is a valid
GIF.

Depending on how you serve uploaded GIF files, the embedded PHP code may be
executed.

Using GD image manipulation functions may not save anybody from exploits
because the PHP code may be embedded in the image palette space. If
those GD functions preserve the original palette, the embedded PHP code
remains there.

--

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
Jun 23 '07 #8
Manuel Lemos wrote:
Hello,

on 06/22/2007 09:41 AM gosha bine said the following:
>On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
>>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html
Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.

It is explained in the article. You can upload a specially crafted GIF
image that embeds PHP code. Many developers use the PHP getimagesize()
function to validate that the image is a GIF (or another type). The
getimagesize function will not fail, because the crafted image is a valid
GIF.

Depending on how you serve uploaded GIF files, the embedded PHP code may be
executed.

Using GD image manipulation functions may not save anybody from exploits
because the PHP code may be embedded in the image palette space. If
those GD functions preserve the original palette, the embedded PHP code
remains there.
I don't know anyone in their right mind who would set up a server to
parse GIFs as PHP code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jun 23 '07 #9
Hello,

on 06/23/2007 08:25 AM Jerry Stuckle said the following:
>>>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html

Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.

It is explained in the article. You can upload a specially crafted GIF
image that embeds PHP code. Many developers use the PHP getimagesize()
function to validate that the image is a GIF (or another type). The
getimagesize function will not fail, because the crafted image is a valid
GIF.

Depending on how you serve uploaded GIF files, the embedded PHP code may be
executed.

Using GD image manipulation functions may not save anybody from exploits
because the PHP code may be embedded in the image palette space. If
those GD functions preserve the original palette, the embedded PHP code
remains there.

I don't know anyone in their right mind who would set up a server to
parse GIFs as PHP code.
You are missing the point. Developers are not parsing GIFs as PHP code
intentionally.

Some less informed developers are serving uploaded GIFs in insecure
ways, and that triggers the execution of PHP code that may be embedded
inside the GIF data, for instance as a stream of bytes in the GIF
palette like this:

GIF98a other binary data and then GIF palette here<?php
readfile('/etc/passwd'); ?> more binary data.

That is explained in the article.

--

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
Jun 23 '07 #10
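To make the point of posts #8 and #10 concrete, here is an added example (not code from the thread or from the phpclasses.org article) on the defender's side: it constructs a small but well-formed GIF89a whose global colour table starts with a PHP open tag, shows that a signature-and-dimensions check of the kind getimagesize() performs accepts it, and shows a byte-level scan that flags it. All function names and the sample file are this example's own; only the Python standard library is used.

```python
# Added example, not from the thread: GIF header check vs. byte scan.
# build_test_gif, header_check, locate_palette, find_php_tags and
# is_safe_upload are this example's names, not a real library's API.
import re
import struct

# PHP open tags of the thread's era: <?php, <?=, the short tag <? followed
# by whitespace, and <script language="php">.
PHP_TAG_RE = re.compile(rb'<\?(?:php\b|=|\s)|<script\s+language\s*=\s*["\']?php', re.I)


def build_test_gif(palette_payload: bytes) -> bytes:
    """Constructed sample: 1x1 GIF89a with a 256-entry global colour table
    whose first bytes are `palette_payload` (zero-padded to 768 bytes)."""
    if len(palette_payload) > 768:
        raise ValueError("payload does not fit in a 256-colour palette")
    palette = palette_payload.ljust(768, b"\x00")
    # Logical screen descriptor: 1x1; packed 0xF7 = global table present,
    # 8-bit colour resolution, 256 entries; background index 0; aspect 0.
    lsd = struct.pack("<HHBBB", 1, 1, 0xF7, 0, 0)
    # Image descriptor (1x1 at 0,0, no local table), then LZW data with
    # minimum code size 8: one 4-byte sub-block holding clear, index 0 and
    # end-of-information (9-bit codes, LSB first), then the block terminator.
    image = b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
    image += b"\x08\x04\x00\x01\x04\x04\x00"
    return b"GIF89a" + lsd + palette + image + b"\x3B"  # 0x3B = GIF trailer


def header_check(data: bytes):
    """What a getimagesize()-style check establishes: a GIF signature and
    readable dimensions. Returns (width, height) or None."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    return struct.unpack("<HH", data[6:10])


def locate_palette(data: bytes):
    """(start, end) of the global colour table, derived from the packed byte
    of the logical screen descriptor; None if there is no global table."""
    packed = data[10]
    if not packed & 0x80:
        return None
    return 13, 13 + 3 * (2 ** ((packed & 0x07) + 1))


def find_php_tags(data: bytes) -> list:
    """Offsets of PHP open tags anywhere in the file, palette included."""
    return [m.start() for m in PHP_TAG_RE.finditer(data)]


def is_safe_upload(data: bytes) -> bool:
    """Accept only files that parse as GIF and carry no PHP open tag. The
    scan is a heuristic; the real fix is storing uploads where no PHP
    handler ever runs, as the thread goes on to say."""
    return header_check(data) is not None and not find_php_tags(data)
```

The constructed file passes `header_check` with dimensions (1, 1) while `find_php_tags` reports the tag at offset 13, the first byte of the palette returned by `locate_palette`.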
Manuel Lemos wrote:
Hello,

on 06/23/2007 08:25 AM Jerry Stuckle said the following:
>>>>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html

Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.
It is explained in the article. You can upload a specially crafted GIF
image that embeds PHP code. Many developers use the PHP getimagesize()
function to validate that the image is a GIF (or another type). The
getimagesize function will not fail, because the crafted image is a valid
GIF.

Depending on how you serve uploaded GIF files, the embedded PHP code may be
executed.

Using GD image manipulation functions may not save anybody from exploits
because the PHP code may be embedded in the image palette space. If
those GD functions preserve the original palette, the embedded PHP code
remains there.
I don't know anyone in their right mind who would set up a server to
parse GIFs as PHP code.

You are missing the point. Developers are not parsing GIFs as PHP code
intentionally.
No, I'm not.
Some less informed developers are serving uploaded GIFs in insecure
ways, and that triggers the execution of PHP code that may be embedded
inside the GIF data, for instance as a stream of bytes in the GIF
palette like this:
That's their problem. If you don't know enough about security to lock
your house, you have little right to complain when someone walks in and
steals your TV.
GIF98a other binary data and then GIF palette here<?php
readfile('/etc/passwd'); ?> more binary data.

That is explained in the article.
I understand the article. What I don't understand is why this would be
a problem to anyone with a bit of sense.

For instance - /etc/passwd does NOT have passwords in it in a modern
Linux system. Those are in /etc/shadow, which is only readable by root.

And even if /etc/passwd had passwords, those are encrypted (actually,
hashed), and even if they were read one would have to go through a lot
of gyrations to determine a compatible password.

A bunch of hype for the truly uninformed, IMHO.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jun 24 '07 #11
Manuel Lemos wrote:
Hello,

on 06/22/2007 09:41 AM gosha bine said the following:
>On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
>>It's been mentioned here a couple of times in different threads regarding
image uploading. It's not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.

http://www.phpclasses.org/blog/post/...IF-images.html
Best!
Sh.
How is this exploit related specifically to GIF files? You can insert
PHP code in any file, and every upload script that doesn't check file
extensions is vulnerable.

It is explained in the article. You can upload a specially crafted GIF
image that embeds PHP code. Many developers use the PHP getimagesize()
function to validate that the image is a GIF (or another type). The
getimagesize function will not fail, because the crafted image is a valid
GIF.

Depending on how you serve uploaded GIF files, the embedded PHP code may be
executed.

Using GD image manipulation functions may not save anybody from exploits
because the PHP code may be embedded in the image palette space. If
those GD functions preserve the original palette, the embedded PHP code
remains there.
In your reply, replace "GIF" with any other format of choice (doc, pdf
etc) and "getimagesize" with "mime_content_type" or similar. Does that
change anything?

As long as you allow server-side execution of user-supplied files,
you're vulnerable. No matter in what format the files come.
--
gosha bine

extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok
Jun 24 '07 #12
