Full Disclosure mailing list archives
Php gif upload thumbnail creation remote exploit
From: "HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>
Date: Sun, 19 Jun 2011 02:58:16 +0200
This technique describes how to exploit apps which encode pictures during a Php upload. Embedding Php code inside gif files which are uploaded is a known technique to execute arbitrary code on an Apache Php installation. Now what can one do when the code which uploads the file processes and encodes the file to a thumbnail and only this thumbnail is accessible remotely with the correct extension? The gif file is crunched and the embedded Php code disappears, bad situation you might think. The solution is to zero out all size fields of the gif file using a hex editor. The result after the upload is that the encoding routine processes the file without modifying it because of size checks. The Php code stays embedded in the file.
-kc
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
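A defender-side check for the behaviour described in the message above, as an added example that is not part of the original post: it flags GIF uploads whose size fields are zero or that contain a PHP open tag, and refuses to publish a thumbnail that is byte-identical to the upload. The function names and sample bytes are constructed for illustration, and it assumes thumbnails stay in GIF format.

```python
import struct

# Heuristic byte sequences that make PHP start interpreting a file.
PHP_MARKERS = (b"<?php", b"<?=")

def gif_findings(data: bytes) -> list:
    """Return reasons to reject a GIF; an empty list means none were found."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings = []
    width, height, flags = struct.unpack_from("<HHB", data, 6)
    if width == 0 or height == 0:
        findings.append("logical screen size is zero")
    # Skip the 13-byte header and the global colour table, if present.
    pos = 13 + (3 << ((flags & 7) + 1) if flags & 0x80 else 0)
    while pos < len(data) and data[pos] != 0x3B:           # 0x3B = trailer
        if data[pos] == 0x21:                              # extension block
            pos += 2                                       # introducer + label
        elif data[pos] == 0x2C and pos + 10 <= len(data):  # image descriptor
            w, h, iflags = struct.unpack_from("<HHB", data, pos + 5)
            if w == 0 or h == 0:
                findings.append("image descriptor size is zero")
            # Descriptor, optional local colour table, LZW minimum code size.
            pos += 10 + (3 << ((iflags & 7) + 1) if iflags & 0x80 else 0) + 1
        else:
            findings.append("malformed block structure")
            break
        while pos < len(data) and data[pos]:               # data sub-blocks
            pos += 1 + data[pos]
        pos += 1                                           # block terminator
    if any(marker in data for marker in PHP_MARKERS):
        findings.append("PHP open tag present")
    return findings

def thumbnail_ok(upload: bytes, thumbnail: bytes) -> bool:
    """Publish only a thumbnail that was really re-encoded and has no findings."""
    return thumbnail != upload and not gif_findings(thumbnail)

# Constructed samples: a 1x1 GIF, and the same bytes with every size field
# zeroed and an inert PHP comment appended after the trailer.
CLEAN = b"GIF89a" + bytes.fromhex(
    "01000100800000" "000000ffffff" "2c000000000100010000" "02024c0100" "3b")
ZEROED = (CLEAN[:6] + bytes(4) + CLEAN[10:24] + bytes(4) + CLEAN[28:]
          + b"<?php /* inert constructed marker */ ?>")

if __name__ == "__main__":
    print(gif_findings(CLEAN), gif_findings(ZEROED), thumbnail_ok(ZEROED, ZEROED))
```

Run the same check on the file the resize step wrote, not only on the upload, since the published thumbnail is what the web server will serve.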