[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well).
Morning Wood
se_cur_ity at hotmail.com
Tue Oct 25 01:28:00 BST 2005
By prepending image headers you can often fool php/IE.
This technique has been used successfully to bypass php checking
and renders the php upon access.
-----------------------------------------------
ÿØÿà �JFIF
<?php
some phpcode
?>
-----------------------------------------------
or
-----------------------------------------------
GIF87aÔ�
<?php
some phpcode
?>
-----------------------------------------------
Full-Disclosure is hosted and sponsored by Secunia.