lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BAY119-F24A07B9608B668C5FD6F92DCA00@phx.gbl>
Date: Mon, 15 May 2006 19:46:01 -0500
From: "s89df987 s9f87s987f" <a059d8e0a9s8d0@...mail.com>
To: zx@...tlecops.com
Cc: rgod@...istici.org, bugtraq@...urityfocus.com
Subject: Re: PHPBB 2.0.20 persistent issues with avatars


On 5/13/06, Paul Laudanski <zx@...tlecops.com> wrote:
>I'd sure love to see the POC on this one.  PHP by default needs exif to be
>enabled during installation in order to work with the image meta data.  So
>in theory not enabling exif should cause this to be benign.

you misunderstanding the usage

>>(3) inject some php code inside jpeg files as EXIF metadata content:
>>this, "in combinations with third party vulnerable code" can be used
>>to compromise the server where PHP is installed.

note the text in quotes
meaning with another vulnerable script, such as one you can exploit to 
include a local files

so allowing the avatar images to go unchecked would make exploitation easier 
in such a case

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ