Re: PHPBB 2.0.20 persistent issues with avatars

To: zx@xxxxxxxxxxxxxx
Subject: Re: PHPBB 2.0.20 persistent issues with avatars
From: "s89df987 s9f87s987f" <a059d8e0a9s8d0@xxxxxxxxxxx>
Date: Mon, 15 May 2006 19:46:01 -0500
Cc: rgod@xxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

On 5/13/06, Paul Laudanski <zx@xxxxxxxxxxxxxx> wrote:

I'd sure love to see the POC on this one.  PHP by default needs exif to be
enabled during installation in order to work with the image meta data.  So
in theory not enabling exif should cause this to be benign.


you misunderstanding the usage

(3) inject some php code inside jpeg files as EXIF metadata content:
this, "in combinations with third party vulnerable code" can be used
to compromise the server where PHP is installed.


note the text in quotes

meaning with another vulnerable script, such as one you can exploit toinclude a local files

so allowing the avatar images to go unchecked would make exploitation easierin such a case


_________________________________________________________________

On the road to retirement? Check out MSN Life Events for advice on how toget there! http://lifeevents.msn.com/category.aspx?cid=Retirement

Follow-Ups:
- Re: PHPBB 2.0.20 persistent issues with avatars
  - From: Paul Laudanski

Prev by Date: Code Injection via Hidden Form Field Manipulation
Next by Date: Sun single-CPU DOS
Previous by thread: Re: PHPBB 2.0.20 persistent issues with avatars
Next by thread: Re: PHPBB 2.0.20 persistent issues with avatars
Index(es):
- Date
- Thread