|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 71
Members: 0
Total: 71
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
JPG injections? |
|
Posted: Tue Apr 24, 2007 1:17 pm |
|
|
716 |
Regular user |
|
|
Joined: Feb 11, 2006 |
Posts: 19 |
|
|
|
|
|
|
|
hi all,
i'm just wondering if anyone has any experience or documentation/tut about JPG injections (PHP or other serverside script in JPG/GIF)... not really talked about but i guess it can mean a huge gateway...
any help apreciated,
thx |
|
|
|
|
Posted: Wed Apr 25, 2007 12:14 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
You cannot "inject JPG". JPEG is just a file format. - Nothing more.
If you are able to include in a PHP script you can also include JPEG files, but this is only reasonable if there is PHP code in it. |
|
|
|
|
Posted: Wed Apr 25, 2007 1:07 pm |
|
|
716 |
Regular user |
|
|
Joined: Feb 11, 2006 |
Posts: 19 |
|
|
|
|
|
|
|
what i ment was to put php code inside a picture |
|
|
|
|
Posted: Wed Apr 25, 2007 2:07 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
As I already said, JPEG is yet another binary file format. So you cannot simply inject PHP code in a JPEG and get the code executed.
But you can write your PHP code and save the file as *.jpg file. Then you can include it in another PHP script or get it parsed through command line PHP or .htaccess.
By the way... Yes, there was a vulnerability in the JPEG parser of Microsoft, if I remember right... But PHP? Forget about it. |
|
|
|
|
Posted: Wed Apr 25, 2007 2:58 pm |
|
|
716 |
Regular user |
|
|
Joined: Feb 11, 2006 |
Posts: 19 |
|
|
|
|
|
|
|
i don't see why i would include a bad code in my own php... |
|
|
|
|
Posted: Tue Nov 27, 2007 9:54 pm |
|
|
untact |
Beginner |
|
|
Joined: Nov 26, 2007 |
Posts: 2 |
|
|
|
|
|
|
|
not sure if thats what you meant but you should watch this anyway..
h**p://milw0rm.com/video/watch.php?id=57 |
|
|
|
|
Posted: Tue Nov 27, 2007 9:59 pm |
|
|
716 |
Regular user |
|
|
Joined: Feb 11, 2006 |
Posts: 19 |
|
|
|
|
|
|
|
thanks a lot mate
i think its the same thing as i meant
i'll watch tomorrow |
|
|
|
|
www.waraxe.us Forum Index -> All other security holes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|