WebApp Sec mailing list archives
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
From: Nicob <nicob () nicob net>
Date: Thu, 27 Oct 2005 15:23:12 +0200
Le mardi 25 octobre 2005 à 17:02 -0400, Paul Laudanski a écrit :
Anyone have other ideas on this? I've already implemented some code to validate file input and its working. But is this the right approach?
I'm not sure to understand what you're talking about but if you're trying to positively validate that file XYZ is an image and not a PHP file, you're asking for trouble : $> wget http://nicob.net/mirrors/blowjob.jpg $> file blowjob.jpg blowjob.jpg: JPEG image data, JFIF standard 1.0 $> tail -n 5 blowjob.jpg <?php $resu = shell_exec("echo '' && echo '' && uname -a && id && date"); echo nl2br($resu); ?> $> php blowjob.jpg [garbage] Linux dellyre 2.6.[...] jeu oct 27 15:21:31 CEST 2005 [...] Nicob
Current thread:
- phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 25)
- Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Nicob (Oct 27)
- Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Tatercrispies (Oct 27)
- Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 29)
- <Possible follow-ups>
- Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 25)
- Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Nicob (Oct 27)