 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
mime types... |
 |
 Posted: Mon Jul 24, 2006 10:11 am |
 |
|
| 716 |
| Regular user |
 |
|
| Joined: Feb 11, 2006 |
| Posts: 19 |
|
|
|
 |
|
 |
|
hi guys 
i'd like to ask something, maybe someone can help me... yea, its about mime types... can they be faked? i mean, is it possible that i have a php file that i upload and somehow tell the browser that the mime type is JPEG? it would be a pretty neat trick to "fool" some server side scripts...
any ideas/suggestions?
thanks |
|
|
|
|
|
|
|
|
| Posted: Mon Jul 24, 2006 5:25 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
You can have php script "foobar.php", which is containing code 'header( "Content-type: image/jpeg\n\n");'
Now you can go to:
http://www.testservxyz.com/foobar.php
... and you see picture, because browser sees it as picture.
You can even use .htaccess mod_rewrite tricks on Apache:
| Code: |
RewriteEngine on
RewriteRule ^coolpic.jpg foobar.php
|
... and when you do:
http://www.testservxyc.com/coolpic.jpg
... then actually php script will be run.
This is by the way very frequently used method to dynamical picture generation. With mod_rewrite using you cant differ "real" picture form php generated picture |
|
|
|
|
|
|
|
|
| Posted: Wed Jul 26, 2006 1:29 pm |
|
|
| 716 |
| Regular user |
|
|
| Joined: Feb 11, 2006 |
| Posts: 19 |
|
|
|
|
|
|
|
aaaah, this is how (for eg.) gmail does, that when you click "download" to a picture (as attachment) it downloads it and doesnt open it in the browser...
but what i was thinking of is this: if you are a simple user on a forum where you have rights to upload pics, zip files as attachment, could you somehow fool the browser (the mime-type detection) so that it lets you upload a PHP script, thinking that its actually a JPEG... |
|
|
|
|
|
|
|
|
| Posted: Wed Jul 26, 2006 5:39 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| 716 wrote: | aaaah, this is how (for eg.) gmail does, that when you click "download" to a picture (as attachment) it downloads it and doesnt open it in the browser...
but what i was thinking of is this: if you are a simple user on a forum where you have rights to upload pics, zip files as attachment, could you somehow fool the browser (the mime-type detection) so that it lets you upload a PHP script, thinking that its actually a JPEG... |
First, that forced download - it's done with help of "content disposition":
http://support.microsoft.com/kb/q260519/
How To Raise a "File Download" Dialog Box for a Known MIME Type
Second: it's all depend on SERVER side, not client side!!
You can always write some perl/php script or c application and try to do ANY thing you ever want against server, including php scripts upload.
But if server-side upload script is well written, then your tryings will fail.
Still, there are lot's of weak upload scripts, which can be manipulated with ".." (traversal), "%00" (null bytes) and other interesting methods.
One more thing to mention - you can craft jpeg picture file, containing valid php code (for example in EXIF part) and then upload it to server as forum avatar or signature or whatever. Now, if you can find security hole, called "local file inclusion", then you can try to include that jpeg file, so php engine will parse it and run the code, you wanted.
|
|
|
|
|
|
|
|
|
| Posted: Wed Jul 26, 2006 8:23 pm |
|
|
| 716 |
| Regular user |
|
|
| Joined: Feb 11, 2006 |
| Posts: 19 |
|
|
|
|
|
|
|
great, thank you, youre really good
edit: can MIME detection be fooled somehow?  |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 85
Members: 0
Total: 85
