Full Disclosure mailing list archives
Re: Re: BBCode [IMG] [/IMG] Tag Vulnerability
From: Paul Laudanski <zx () castlecops com>
Date: Mon, 22 Aug 2005 11:37:35 -0400 (EDT)
On Mon, 22 Aug 2005, Christoph Frick wrote:

> On Mon, Aug 22, 2005 at 12:34:56AM -0400, Paul Laudanski wrote:
>
> > So there are a couple avenues one can take in assessing if the file that
> > [IMG][/IMG] is rendering is indeed an image. Problem solved.
>
> no it's not solved. there are at least as many "avenues" to circumvent
> your checks. mr. blackhat's index.php just has to check if your script
> is checking for an image by e.g. checking the header of the request
> "X-Powered-By" or something like that, that identifies the request's
> origin as a php script. the poor man's solution is just to check
> for the REMOTE_ADDR. then return a nice image and the server is happy -
> anybody else gets the "real" code. best thing to prevent this: disable
> [IMG] and friends - or do something proxyish that protects your users.

I'd be interested in seeing more of these "avenues" as you refer to them.
I'm not sure how checking for x-powered-by is going to solve anything on
the server where this supposed local vuln can occur. Please explain.

-- 
Paul Laudanski http://castlecops.com
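Added example, not part of the original message or of any forum software discussed in the thread: a minimal Python sketch of the "proxy" approach raised in the quoted reply, where the forum fetches an [IMG] URL once, checks the bytes, and serves visitors only its stored copy. The names `ImageProxy`, `cloaking_origin`, the `/imgcache/` path and `remote.example` are hypothetical, and the remote host is a constructed stand-in so the block runs offline.

```python
import hashlib

# Magic-byte signatures for the image types the proxy will accept.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample bytes, not a full image

def sniff_image_type(data):
    """Return the MIME type if data starts with a known image signature, else None."""
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None

def cloaking_origin(requester):
    """Constructed remote host that answers the forum server differently from visitors."""
    return PNG if requester == "forum-server" else b"<html>not an image</html>"

class ImageProxy:
    """Fetch each [IMG] URL once, validate the bytes, serve only the stored copy."""
    def __init__(self, fetch, max_bytes=2_000_000):
        self.fetch = fetch          # callable(url) -> bytes, supplied by the caller
        self.max_bytes = max_bytes
        self.store = {}             # sha256 hex digest -> (mime, bytes)

    def rewrite(self, url):
        """Return a local path for the validated copy, or None to drop the tag."""
        data = self.fetch(url)
        mime = sniff_image_type(data)
        if len(data) > self.max_bytes or mime is None:
            return None
        digest = hashlib.sha256(data).hexdigest()
        self.store[digest] = (mime, data)
        return "/imgcache/" + digest

    def serve(self, path):
        """What every visitor receives: stored bytes with a fixed Content-Type."""
        mime, data = self.store[path.rsplit("/", 1)[1]]
        return {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}, data

def demo():
    """Compare what a visitor gets via the proxy with what a direct embed would return."""
    proxy = ImageProxy(lambda url: cloaking_origin("forum-server"))
    path = proxy.rewrite("http://remote.example/index.php")
    _, body = proxy.serve(path)
    return sniff_image_type(body), sniff_image_type(cloaking_origin("visitor"))
```

A check made at posting time says nothing about what later visitors are sent by the remote host, which is why the sketch serves the validated bytes itself. A signature match is only a first filter; a deployed fetcher would also restrict which addresses it may contact.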