On 5/13/06, Paul Laudanski <zx (at) castlecops (dot) com [email concealed]> wrote:
>I'd sure love to see the POC on this one. PHP by default needs exif to be
>enabled during installation in order to work with the image meta data. So
>in theory not enabling exif should cause this to be benign.
You're misunderstanding the usage.
>>(3) inject some php code inside jpeg files as EXIF metadata content:
>>this, "in combinations with third party vulnerable code" can be used
>>to compromise the server where PHP is installed.
note the text in quotes
meaning with another vulnerable script, such as one you can exploit to
include local files.
so allowing the avatar images to go unchecked would make exploitation easier
in such a case
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
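The defensive counterpart to the point made above (an avatar upload that is never inspected lets a JPEG carry PHP source in its EXIF metadata, which only becomes a problem together with a separate file-inclusion bug) is an upload check that looks inside the JPEG's metadata segments and, if wanted, strips them. The following is an added example written for this thread, not code from the original post or from any product mentioned in it. It is standard-library Python, parses the JPEG marker structure directly, and the `build_sample_jpeg` helper produces a constructed, JPEG-shaped byte string for demonstration (it is not a decodable picture). Function names and the `keep` parameter are this example's own.

```python
"""Inspect and sanitise JPEG uploads at the segment level.

A JPEG is a sequence of marker segments (0xFF + marker byte, 2-byte length,
payload) ending with the SOS segment, after which entropy-coded image data runs
to the EOI marker. EXIF lives in an APP1 segment; free text can also sit in a
COM segment. Neither is needed to display the picture, so an upload handler can
look inside them and drop them.
"""
import re
import struct

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"
SOS = 0xDA   # start of scan: entropy-coded image data follows
COM = 0xFE   # free-text comment segment
APP0 = 0xE0  # JFIF header; kept so ordinary decoders are not upset

# PHP open tags: "<?php", the echo tag "<?=", and the short tag "<?" + whitespace.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def split_jpeg(data: bytes):
    """Return (segments, scan_data): the header segments as (marker, payload)
    tuples, and everything from the SOS segment to the end of the file."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    segments = []
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip 0xFF fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated JPEG")
        marker = data[pos]
        pos += 1
        if marker == 0x01 or 0xD0 <= marker <= 0xD9:  # TEM, RSTn, SOI, EOI carry no length
            if marker == 0xD9:
                raise ValueError("EOI reached before any image data")
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])  # length includes its own 2 bytes
        if length < 2 or pos + length > len(data):
            raise ValueError("invalid segment length")
        if marker == SOS:
            return segments, data[pos - 2:]  # from the FF DA bytes to the end
        segments.append((marker, data[pos + 2:pos + length]))
        pos += length
    raise ValueError("no SOS segment found")


def marker_name(marker: int) -> str:
    if 0xE0 <= marker <= 0xEF:
        return f"APP{marker - 0xE0}"
    return "COM" if marker == COM else f"0x{marker:02X}"


def find_embedded_code(data: bytes):
    """List (segment name, offset within payload) for every PHP open tag found
    in an APPn or COM segment. Raises ValueError on a malformed file."""
    hits = []
    for marker, payload in split_jpeg(data)[0]:
        if 0xE0 <= marker <= 0xEF or marker == COM:
            hits.extend((marker_name(marker), m.start()) for m in PHP_TAG.finditer(payload))
    return hits


def is_acceptable_upload(data: bytes) -> bool:
    """Upload gate: well-formed JPEG with no PHP tag in any metadata segment."""
    try:
        return not find_embedded_code(data)
    except ValueError:
        return False


def strip_metadata(data: bytes, keep=(APP0,)) -> bytes:
    """Rebuild the JPEG without APPn/COM segments (except those in `keep`),
    copying the image data untouched."""
    segments, scan = split_jpeg(data)
    out = bytearray(SOI)
    for marker, payload in segments:
        if (0xE0 <= marker <= 0xEF or marker == COM) and marker not in keep:
            continue
        out += b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    return bytes(out + scan)


def build_sample_jpeg(exif_payload: bytes) -> bytes:
    """Constructed JPEG-shaped bytes for demonstration: SOI, APP0 JFIF header,
    APP1 carrying exif_payload, a COM segment, a token SOS and EOI."""
    def seg(marker, payload):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (SOI + seg(APP0, jfif) + seg(0xE1, b"Exif\x00\x00" + exif_payload)
            + seg(COM, b"constructed comment")
            + seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x00" + EOI)


if __name__ == "__main__":
    sample = build_sample_jpeg(b"<?php echo 'constructed sample'; ?>")
    print("findings:", find_embedded_code(sample))
    print("after strip:", find_embedded_code(strip_metadata(sample)))
```

Two caveats a practitioner would add. Dropping segments removes the EXIF carrier, but re-encoding the upload through an image library (GD's `imagejpeg` on a freshly decoded image, for instance) is the more thorough option, because it also discards anything tucked into segments this code keeps. And the check only reduces the impact of the other bug the message refers to: the real fix is the file-inclusion vulnerability itself, since a script that includes attacker-chosen local files will execute PHP from any file it can reach, image or not.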