GIF PHP漏洞利用 [英] GIF PHP Exploit
问题描述
这里有很多次关于
图片上传的不同主题。这不是什么新鲜事,但我清楚地解释了它是什么以及如何处理它。希望它对你们中的一些人有所帮助。
http://www.phpclasses.org/blog/post/...IF-images.html
Best !
Sh。
-
Schraalhans Keukenmeester - sc ********* @the.Spamtrapexample.nl
[删除Spamtrap的小写部分给我发消息]
" strcmp(''apples'','''oranges'')< 0"
It''s been mentioned here a couple of times in different threads regarding
image uploading. It''s not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...IF-images.html
Best!
Sh.
--
Schraalhans Keukenmeester - sc*********@the.Spamtrapexample.nl
[Remove the lowercase part of Spamtrap to send me a message]
"strcmp(''apples'',''oranges'') < 0"
推荐答案
Schraalhans Keukenmeester写道:
Schraalhans Keukenmeester wrote:
它''关于
图像上传,这里曾多次提到过不同的帖子。这不是什么新鲜事,但我清楚地解释了它是什么以及如何处理它。希望它对你们中的一些人有所帮助。
It''s been mentioned here a couple of times in different threads regarding
image uploading. It''s not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...IF-images.html
>
Best!
Sh。
>
Best!
Sh.
谢谢。
好警告。
我总是在保存之前加载并重新上传GD上传的图像,所以我想我的应用程序是免费的gif / php漏洞。 (比运气更幸运。)
谢谢。
问候,
Erwin Moller
Thanks.
Good warning.
I always load and resample uploaded images in GD before saving them, so I
guess my apps are safe from gif/php exploit. (More luck than wisdom.)
Thanks.
Regards,
Erwin Moller
On 22.06.2007 12:57 Schraalhans Keukenmeester写道:
On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
这里已经提到了几次不同的关于
图片上传的主题。这不是什么新鲜事,但我清楚地解释了它是什么以及如何处理它。希望它对你们中的一些人有所帮助。
http://www.phpclasses.org/blog/post/...IF-images.html
Best !
Sh。
It''s been mentioned here a couple of times in different threads regarding
image uploading. It''s not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...IF-images.html
Best!
Sh.
这个漏洞利用程序如何与GIF文件特别相关?您可以在任何文件中插入
php代码,并且每个上传脚本都不会检查文件
扩展名是否容易受到攻击。
-
gosha bine
扩展php解析器〜 http://code.google.com/p/pihipi
blok~ http://www.tagarga.com/blok
6月22日,1:下午41点,gosha bine< stereof ... @ gmail.comwrote:
On Jun 22, 1:41 pm, gosha bine <stereof...@gmail.comwrote:
On 22.06.2007 12:57 Schraalhans Keukenmeester写道:
On 22.06.2007 12:57 Schraalhans Keukenmeester wrote:
这里有几次关于
图像上传的不同主题。这不是什么新鲜事,但我清楚地解释了它是什么以及如何处理它。希望它对你们有些帮助。
It''s been mentioned here a couple of times in different threads regarding
image uploading. It''s not new, but I found a clear explanation of what it
is and how to deal with it. Hope it helps some of you.
http://www.phpclasses.org/blog/post/...loit-with-GIF- ...
http://www.phpclasses.org/blog/post/...loit-with-GIF-...
最好!
Sh。
Best!
Sh.
这个漏洞利用程序如何与GIF文件特别相关?您可以在任何文件中插入
php代码,并且每个上传脚本都不会检查文件
扩展名是否容易受到攻击。
-
gosha bine
扩展php解析器〜 http://code.google.com/p/pihipi
blok~ http://www.tagarga.com/blok
这不仅仅是检查文件的简单问题扩展,请参阅url
下面的示例,当然其他包括在jpeg评论中执行
的php,或者只是图片中的XSS。有些机器
还可以,有些不是,取决于你的设置,甚至提供图像通过
下载文件可能无法在某些设置上停止它。
http://milw0rm.com/video/watch.php?id=58 -
it isnt just a simple question of examining file extensions, see url
below for an example, there are of course others including execution
of php within jpeg comments, or just XSS within images. Some machines
are ok, some are not, depends on your setup, even serving image via
download file might not stop it on some setups.
http://milw0rm.com/video/watch.php?id=58-
这篇关于GIF PHP漏洞利用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
