Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
From: Tatercrispies <tatercrispies () gmail com>
Date: Tue, 25 Oct 2005 17:00:32 -0500

On 10/25/05, Paul Laudanski <zx () castlecops com> wrote:

If sites want to stay online that make use of dynamic content to some
extent the onus is on them to do proper input validation. There are PHP
functions which permit for checking. But again, they work well when
checking local images.

Both Opera and Firefox respect the content-type HTTP header. IE stands alone
as the major browser that attempts to second-guess things and render an
image file as HTML. I believe this is firmly an error in the browser. While
we could try to mitigate the issue at the web application level, but given
how enormously wide-spread this problem is, in my opinion, it seems more
reasonable and direct to fix it at the source of the problem.

What's to say that these validation functions work well enough. Are there
pure PHP/ASP scripts can can accomplish this task for major image types. I
mean scripts that run without the use of external modules. I would love to
see them. By what criteria does Explorer decide that it's not going to
render an image as an image?
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]