Posted by Manuel Lemos on 06/23/07 07:09

Hello,

on 06/22/2007 09:41 AM gosha bine said the following:
> On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
>> It's been mentioned here a couple of times in different threads regarding
>> image uploading. It's not new, but I found a clear explanation of what it
>> is and how to deal with it. Hope it helps some of you.
>>
>> http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html
>>
>>
>> Best!
>> Sh.
>
> How this exploit is related specifically to GIF files? You can insert
> php code in any file and every upload script that doesn't check file
> extensions is vulnerable.

It is explained in the article. You can upload a specially crafted GIF
image that embeds PHP code. Many developers use PHP getimagesize()
function to validate that the image is GIF (or other types). The
getimagesize function will not fail because the crafted image is a valid
GIF.

Depending on you serve uploaded GIF files, the embedded PHP code may be
executed .

Using GD image manipulation functions may not save anybody from exploits
because the PHP code may be embedded in the image palette space. If
those GD functions preserve the original palette, the embedded PHP code
remains there.

--

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

[Back to original message]