Tonight
kepten reported a critical vuln in the smile challenge.
It was possible to upload images containing PHP code, name the file
foo.php.gif, and the PHP code got executed.
I could not find out how to stop Apache from interpreting the files with PHP, so I
fixed it by disallowing ".php" in the filenames.
Big thanks to kepten for reporting this critical flaw.
If anyone knows how to stop Apache from running the PHP interpreter for foo.php.gif files, I would appreciate you sharing the knowledge.
Happy Challenging!
gizmore
EDIT: The problem was caused by a custom .htaccess and is
fixed in SVN now. First I tried to fix it with Options -MultiViews, but this didn't work. Thanks to
epoch for locating the problem!
EDIT2: It seems that image.php.foo is also a nice way to trick Apache.
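The application-side fix described above (rejecting ".php" anywhere in the uploaded name) generalised into an upload filename check, as an added example; this is not code from the wechall site or from gizmore. It assumes a constructed list of interpreter extensions, a whitelist of image extensions, and that uploads are stored under a random name with a single extension so the user-supplied name never reaches the filesystem. Both foo.php.gif and image.php.foo from the post are rejected because every dot-separated suffix is examined, not only the last one.

```python
import os
import secrets

# Extensions the web server may hand to an interpreter. Constructed for this
# example; extend it to whatever your Apache handler configuration maps.
INTERPRETER_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}

# The only file types this image upload is meant to accept (assumption).
ALLOWED_IMAGE_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}

# Leading bytes of the allowed image formats (assumption: header check only).
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}


def extensions_of(filename):
    """Return every dot-separated suffix, lower-cased.

    'foo.php.gif' -> ['php', 'gif'], 'image.php.foo' -> ['php', 'foo'].
    Apache's AddHandler matches on any of these suffixes, not only the last,
    which is why both names reached the PHP interpreter in the post.
    """
    base = os.path.basename(filename)
    return [part.lower() for part in base.split(".")[1:]]


def is_safe_upload_name(filename):
    """Reject the name if ANY suffix is an interpreter extension, and require
    that the final suffix is a whitelisted image type."""
    exts = extensions_of(filename)
    if not exts:
        return False
    if any(ext in INTERPRETER_EXTENSIONS for ext in exts):
        return False
    return exts[-1] in ALLOWED_IMAGE_EXTENSIONS


def has_image_magic(data, ext):
    """Header check only: a valid GIF header followed by PHP code still passes,
    which is exactly the upload in the post, so this is defence in depth and
    not a substitute for the extension and server-handler checks."""
    return any(data.startswith(magic) for magic in MAGIC.get(ext, ()))


def store_name(filename, data):
    """Return the name to store the upload under, or None to reject it.

    The stored name is random with exactly one whitelisted extension, so the
    server never sees a multi-extension name chosen by the uploader.
    """
    if not is_safe_upload_name(filename):
        return None
    ext = extensions_of(filename)[-1]
    if not has_image_magic(data, ext):
        return None
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed sample inputs: the two names from the post and a clean one.
    for name in ("foo.php.gif", "image.php.foo", "cat.gif", "evil.PhP.png"):
        print(name, "->", "ok" if is_safe_upload_name(name) else "rejected")
    print(store_name("cat.gif", b"GIF89a" + b"\x00" * 16))
```

Filename filtering is only the application-side half. On the server side, a handler declared with `AddHandler application/x-httpd-php .php` applies to every extension in a name under mod_mime's multiple-extension rules, so `foo.php.gif` is handed to PHP; restricting the handler to names that end in .php, for example with `<FilesMatch "\.php$">` around a `SetHandler` directive, stops that regardless of what the upload code lets through.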