IT Security and Insecurity Portal

.doc vulnerabilities

Posted: Fri Jan 25, 2008 9:47 pm
agentsteal
Regular user
Joined: Jun 09, 2007
Posts: 5

I made a PHP script that dynamically creates Microsoft Word .doc files. Can inserting user input into a .doc file be exploited? Is there anything I need to filter?

Re: .doc vulnerabilities

Posted: Fri Jan 25, 2008 10:15 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

agentsteal wrote: I made a PHP script that dynamically creates Microsoft Word .doc files. Can inserting user input into a .doc file be exploited? Is there anything I need to filter?

What is output? "Content-Disposition:attachment"-type forced download?
Or will you save temp files or final files in web-accessible directories?
What is input? Plaintext?

Posted: Fri Jan 25, 2008 10:31 pm
agentsteal
Regular user
Joined: Jun 09, 2007
Posts: 5

Quote: What is output? "Content-Disposition:attachment"-type forced download?
Yes.
Quote: What is input? Plaintext?
It's the information from a registration form.

Posted: Sat Jan 26, 2008 1:40 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Well, I don't see any direct security issues here. But it all depends on the implementation. I mean, the only attack vector that I am able to consider right now, based on the provided information, is the expected user input from an HTML form, delivered through a POST request and then used for doc-file creation. This seems secure if the input data is plaintext.
But you must consider other attack vectors - local and remote file inclusions, remote code executions, variable poisoning (PHP issue), etc.
Without seeing the source code there is no way to be sure ...
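
Added example, not part of the thread and not agentsteal's script: one way to keep registration-form input as plaintext in a generated .doc that is sent with Content-Disposition: attachment. It assumes the file is built as Word-readable HTML (the thread does not say how the script builds it); the field names, length limits and filename are hypothetical.

```php
<?php
// Added example. Assumption: the .doc is produced as Word-readable HTML.
// Hypothetical registration fields: name => maximum length in characters.
const FIELDS = ['name' => 100, 'email' => 254, 'city' => 100];

// Reduce one submitted value to bounded plaintext.
function plaintext_field($value, int $maxLen): string
{
    if (!is_string($value)) {              // rejects arrays such as name[]=x
        return '';
    }
    // Replace control characters with spaces. With /u, preg_replace returns
    // null on invalid UTF-8, which is treated as an empty value.
    $value = preg_replace('/[\x00-\x1F\x7F]/u', ' ', $value) ?? '';
    return mb_substr(trim($value), 0, $maxLen, 'UTF-8');
}

// Build the document; every value is escaped for the HTML container.
function build_doc(array $input): string
{
    $rows = '';
    foreach (FIELDS as $field => $maxLen) {
        $text = plaintext_field($input[$field] ?? '', $maxLen);
        $rows .= '<tr><td>' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8')
               . '</td><td>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
               . "</td></tr>\n";
    }
    return "<html><head><meta charset=\"utf-8\"></head><body><table>\n"
         . $rows . "</table></body></html>\n";
}

// Forced download. The filename is a constant, never user input, and
// nothing is written to a web-accessible directory.
function send_doc(string $doc): void
{
    header('Content-Type: application/msword');
    header('Content-Disposition: attachment; filename="registration.doc"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . strlen($doc));
    echo $doc;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: markup, an array-typed field, a CRLF.
    echo build_doc(['name' => '<b>Al</b>ice', 'email' => ['x'], 'city' => "Tartu\r\n"]);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    send_doc(build_doc($_POST));
}
```

If the script writes a different container, such as RTF, the escaping function has to match that format; htmlspecialchars only fits the HTML assumption made here.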
All times are GMT