Bugtraq mailing list archives
Re: PHPBB 2.0.20 persistent issues with avatars
From: Paul Laudanski <zx () castlecops com>
Date: Sun, 14 May 2006 00:58:54 -0400 (EDT)
On 12 May 2006 rgod () autistici org wrote:
> (3) inject some php code inside jpeg files as EXIF metadata content: this, in combination with third-party vulnerable code, can be used to compromise the server where PHP is installed. Should be enough to check for php code inside the temporary files before copying the new avatar into the "images/avatars/" folder.
I'd sure love to see the POC on this one. PHP by default needs exif to be enabled during installation in order to work with the image meta data. So in theory not enabling exif should cause this to be benign. With that said, do you have a POC?

sources:
http://www.zend.com/manual/ref.exif.php
http://us2.php.net/exif
http://www.php.net/image

--
Paul Laudanski, Microsoft MVP Windows-Security
Submit phish: http://castlecops.com/pirt
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com
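The check proposed in the quoted item (3), looking for PHP code in the temporary upload before it is copied into "images/avatars/", sketched as an added example that is not part of the original thread and is not phpBB's code. The function names are hypothetical and the sample byte strings are constructed; it works on the raw bytes, so it does not rely on PHP's exif extension.

```php
<?php
// Added example, not phpBB code; function names are hypothetical.
/** Payloads of the JPEG metadata segments (APPn, COM) before the image data, or null if malformed. */
function jpeg_metadata_segments(string $bytes): ?array
{
    if (strncmp($bytes, "\xFF\xD8", 2) !== 0) {
        return null;                        // no SOI marker: not a JPEG
    }
    $segments = [];
    $len = strlen($bytes);
    for ($pos = 2; $pos + 4 <= $len; ) {
        if ($bytes[$pos] !== "\xFF") {
            return null;                    // segment must start with 0xFF
        }
        $marker = ord($bytes[$pos + 1]);
        if ($marker === 0xFF) { $pos++; continue; }   // fill byte
        if ($marker === 0xDA || $marker === 0xD9) {
            break;                          // SOS or EOI: header section is over
        }
        $segLen = unpack('n', substr($bytes, $pos + 2, 2))[1];
        if ($segLen < 2 || $pos + 2 + $segLen > $len) {
            return null;                    // declared length runs past the file
        }
        if (($marker >= 0xE0 && $marker <= 0xEF) || $marker === 0xFE) {
            $segments[] = substr($bytes, $pos + 4, $segLen - 2);
        }
        $pos += 2 + $segLen;
    }
    return $segments;
}

/** True if the bytes parse as a JPEG header and carry no PHP open tag. */
function avatar_passes_php_check(string $bytes): bool
{
    $segments = jpeg_metadata_segments($bytes);
    if ($segments === null) { return false; }
    foreach ($segments as $payload) {
        if (strpos($payload, '<?') !== false) {
            return false;                   // any open tag (long, echo or short form) in EXIF/COM data
        }
    }
    // Compressed image data can contain "<?" by chance, so only the long tag is searched file-wide.
    return stripos($bytes, '<?php') === false;
}

// Constructed samples: a clean EXIF (APP1) segment and one carrying PHP code.
$clean = "\xFF\xD8\xFF\xE1\x00\x08Exif\x00\x00\xFF\xD9";
$bad   = "\xFF\xD8\xFF\xE1\x00\x12Exif\x00\x00<?php x();\xFF\xD9";
var_dump(avatar_passes_php_check($clean), avatar_passes_php_check($bad));
```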