Username: 
Password: 
Restrict session to IP 

Critical Vuln in Smile challenge

Global Rank: 227
Totalscore: 94359
Posts: 1682
Thanks: 1359
UpVotes: 920
Registered: 16y 311d




Last Seen: 8h 19m
The User is Offline
Critical Vuln in Smile challenge
Google/translate1Thank You!1Good Post!1Bad Post! link
Tonight kepten reported a critical vuln in the smile challenge.
It was possible to upload images containing php code, and name the file foo.php.gif, and the php code got executed.

I could not find out how to stop apache interpreting the files with php, so i fixed it by disallowing ".php" in the filenames.

Big thanks to kepten for reporting this critical flaw.

If anyone knows how to stop apache running the php interpreter for foo.php.gif files, i would appreciate sharing the knowledge Smile

Happy Challenging!
gizmore



EDIT: The problem was caused by a custom .htaccess and is fixed in svn now. First i tried to fix by Options -MultiViews, but this didn't work. Thanks to epoch for locating the problem!

EDIT2: It seems that image.php.foo is also nice to trick the apache
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Aug 04, 2012 - 22:13:41
tunelko, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 2750 times.