[Full-disclosure] Re: BBCode [IMG] [/IMG] Tag Vulnerability
frick at sc-networks.de
Mon Aug 22 16:23:22 BST 2005
On Mon, Aug 22, 2005 at 12:34:56AM -0400, Paul Laudanski wrote:
> So there are a couple avenues one can take in assessing if the file that
> [IMG][/IMG] is rendering is indeed an image.
> Problem solved.
no its not solved. there are at least as many "avenues" to circumvent
your checks. mr. blackhat's index.php just have to check, if youre
script is checking for an image by e.g. check the header of the request
``X-Powered-By'' or something like that, that identifies the requests
origin from a php script. the poor mens solution is just to check for
the REMOTE_ADDR. then return a nice image and the server is happy -
anybody else gets the "real" code. best thing to prevent this, disable
[IMG] and friends - or do something proxyisch, that protects your users.
Full-Disclosure is hosted and sponsored by Secunia.