Penetration Testing mailing list archives

Re: Malicious file upload in .JPG or GIF format

From: Luca Carettoni <luca.carettoni () ikkisoft com>
Date: Wed, 20 Feb 2008 23:15:14 +0100

On Wednesday 20 February 2008, H D Moore wrote:

The usual trick is to upload an ASP, ASPX, PHP, JSP, or other dynamic web
page to the server. If the applications allows you to set the extension
and the upload directory supports that scripting language, your job is
done.


Sometimes it is also useful to provide a fake GIF image header in order to 
bypass the image content check and the file extension control (as already 
suggested).

In a PHP environment, creating a file with the extension ".php." and the 
following content:
-----
GIF89aD
<?php phpinfo(); ?>
-----
It was several times successful.

Bye, 
Luca

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Malicious file upload in .JPG or GIF format whitehat (Feb 20)
- Re: Malicious file upload in .JPG or GIF format H D Moore (Feb 20)
  - RE: Malicious file upload in .JPG or GIF format Erin Carroll (Feb 20)
    - RE: Malicious file upload in .JPG or GIF format Brett Moore (Feb 20)
  - Re: Malicious file upload in .JPG or GIF format Luca Carettoni (Feb 20)
- Re: Malicious file upload in .JPG or GIF format bugtraq (Feb 20)
- RE: Malicious file upload in .JPG or GIF format ADAMS, JEFF W, ATTSI (Feb 21)
- <Possible follow-ups>
- Re: Malicious file upload in .JPG or GIF format Jay (Feb 20)