Message-ID: <Pine.LNX.4.44.0508221132440.25729-100000@bugsbunny.castlecops.com>
Date: Mon Aug 22 16:39:04 2005
From: zx at castlecops.com (Paul Laudanski)
Subject: Re: BBCode [IMG] [/IMG] Tag Vulnerability
On Mon, 22 Aug 2005, Christoph Frick wrote:
> On Mon, Aug 22, 2005 at 12:34:56AM -0400, Paul Laudanski wrote:
>
> > So there are a couple avenues one can take in assessing if the file that
> > [IMG][/IMG] is rendering is indeed an image.
> > Problem solved.
>
> No, it's not solved. There are at least as many "avenues" to circumvent
> your checks. Mr. Blackhat's index.php just has to check if your
> script is checking for an image by, e.g., checking the request header
> ``X-Powered-By'' or something like that that identifies the request's
> origin from a PHP script. The poor man's solution is just to check for
> the REMOTE_ADDR. Then return a nice image and the server is happy -
> anybody else gets the "real" code. The best thing to prevent this: disable
> [IMG] and friends - or do something proxyish that protects your users.
I'd be interested in seeing more of these "avenues" as you refer to them.
I'm not sure how checking for x-powered-by is going to solve anything on
the server where this supposed local vuln can occur.
Please explain.
--
Paul Laudanski http://castlecops.com
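An added example, not code from either poster, of the "proxyish" fix Christoph suggests: the forum fetches the [IMG] bytes itself, keeps them only if the body really is an image, and serves them from its own origin, so a remote host that answers differently to the forum's checker and to visitors gains nothing. The function names, the injected `fetch` callable and the `example.invalid` responses are constructed for the example.

```python
import re
from typing import Callable, Optional, Tuple

# Magic-byte prefixes of the formats allowed through. The remote
# Content-Type header is never consulted: it is attacker-controlled.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
MAX_BYTES = 2 * 1024 * 1024  # refuse oversized bodies before sniffing

Fetcher = Callable[[str], Tuple[dict, bytes]]  # url -> (headers, body)


def sniff_image_type(body: bytes) -> Optional[str]:
    """Return the MIME type implied by the body's magic bytes, or None."""
    for magic, mime in IMAGE_MAGIC.items():
        if body.startswith(magic):
            return mime
    return None


def proxy_image(url: str, fetch: Fetcher) -> Optional[Tuple[str, bytes]]:
    """Fetch `url`; return (mime, body) only if the body is an image.

    Visitors receive exactly these bytes from the forum's own origin,
    never the remote URL, so per-requester cloaking by the remote host
    (X-Powered-By, REMOTE_ADDR, ...) cannot reach them. `fetch` is
    injected so the example runs offline; a real one needs a timeout
    and a redirect limit.
    """
    if not re.match(r"^https?://", url):
        return None
    _headers, body = fetch(url)  # header value deliberately ignored
    if len(body) > MAX_BYTES:
        return None
    mime = sniff_image_type(body)
    return None if mime is None else (mime, body)


# Constructed responses standing in for remote hosts (not real URLs).
FAKE_RESPONSES = {
    "http://example.invalid/real.png":
        ({"Content-Type": "image/png"}, b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    "http://example.invalid/fake.png":  # header lies; body is HTML
        ({"Content-Type": "image/png"}, b"<html><body>not an image</body></html>"),
}


def fake_fetch(url: str) -> Tuple[dict, bytes]:
    return FAKE_RESPONSES.get(url, ({}, b""))
```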