Re: Malicious file upload in .JPG or GIF format

From: Luca Carettoni (luca.carettoni@ikkisoft.com)
Date: Wed Feb 20 2008 - 17:15:14 EST


On Wednesday 20 February 2008, H D Moore wrote:
> The usual trick is to upload an ASP, ASPX, PHP, JSP, or other dynamic web
> page to the server. If the application allows you to set the extension
> and the upload directory supports that scripting language, your job is
> done.

Sometimes it is also useful to provide a fake GIF image header in order to
bypass the image content check and the file extension control (as already
suggested).

In a PHP environment, creating a file with the extension ".php." and the
following content:
-----
GIF89aD
<?php phpinfo(); ?>
-----
was successful several times.

Bye,
Luca
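
A defender-side check for the trick described in this thread, as an added example that is not part of the original posts: it rejects names such as ".php." and walks the GIF block structure instead of trusting the "GIF89a" magic. The function names and the single-extension naming policy are assumptions of this example, and it handles GIF only.

```python
ALLOWED_EXT = {"gif"}  # assumption: this example only parses GIF

def safe_extension(filename):
    """Return the allowed extension, or None for names like 'a.php.' or 'a.php.gif'."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.split(".")
    # Require exactly "<base>.<ext>": no trailing dot, no stacked extensions.
    if len(parts) != 2 or not parts[0] or parts[1].lower() not in ALLOWED_EXT:
        return None
    return parts[1].lower()

def gif_is_well_formed(data):
    """Walk every GIF block up to the trailer instead of trusting the 6-byte magic."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return False
    packed = data[10]            # flags byte of the logical screen descriptor
    pos = 13 + (3 * (2 << (packed & 7)) if packed & 0x80 else 0)  # skip global color table
    images = 0
    try:
        while True:
            intro = data[pos]
            if intro == 0x3B:    # trailer: must be the last byte, after >= 1 image
                return images > 0 and pos == len(data) - 1
            if intro == 0x21:    # extension: introducer, label, then sub-blocks
                pos += 2
            elif intro == 0x2C:  # image descriptor (10 bytes) + local table + LZW size byte
                local = data[pos + 9]
                pos += 11 + (3 * (2 << (local & 7)) if local & 0x80 else 0)
                images += 1
            else:
                return False     # not a GIF block introducer
            while data[pos] != 0:  # length-prefixed sub-blocks, zero-terminated
                pos += data[pos] + 1
            pos += 1
    except IndexError:           # ran off the end: truncated or bogus lengths
        return False

def check_upload(filename, data):
    """Return (accepted, reason) for a claimed GIF upload."""
    if safe_extension(filename) is None:
        return False, "extension"
    return (True, "ok") if gif_is_well_formed(data) else (False, "structure")

# Constructed samples: a minimal 1x1 GIF, and the fake-header body quoted in the post.
VALID_GIF = bytes.fromhex(
    "47494638396101000100800000ffffff000000"
    "21f90401000000002c00000000010001000002024401003b")
FAKE_GIF = b"GIF89aD\n<?php phpinfo(); ?>\n"
```

A well-formed GIF can still carry arbitrary text in a comment extension, so the stored file should also get a server-generated name and live in a directory where the script handler is disabled.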




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:25 EDT