 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 446
 Members: 0
 Total: 446
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
mime types... |
|
 Posted: Mon Jul 24, 2006 10:11 am |
 |
|
| 716 |
| Regular user |
 |
|
| Joined: Feb 11, 2006 |
| Posts: 19 |
|
|
|
 |
|
 |
|
hi guys 
i'd like to ask something, maybe someone can help me... yea, its about mime types... can they be faked? i mean, is it possible that i have a php file that i upload and somehow tell the browser that the mime type is JPEG? it would be a pretty neat trick to "fool" some server side scripts...
any ideas/suggestions?
thanks |
|
|
|
|
|
|
|
|
| Posted: Mon Jul 24, 2006 5:25 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
You can have php script "foobar.php", which is containing code 'header( "Content-type: image/jpeg\n\n");'
Now you can go to:
http://www.testservxyz.com/foobar.php
... and you see picture, because browser sees it as picture.
You can even use .htaccess mod_rewrite tricks on Apache:
| Code: |
RewriteEngine on
RewriteRule ^coolpic.jpg foobar.php
|
... and when you do:
http://www.testservxyc.com/coolpic.jpg
... then actually php script will be run.
This is by the way very frequently used method to dynamical picture generation. With mod_rewrite using you cant differ "real" picture form php generated picture |
|
|
|
|
|
|
|
|
| Posted: Wed Jul 26, 2006 1:29 pm |
|
|
| 716 |
| Regular user |
|
|
| Joined: Feb 11, 2006 |
| Posts: 19 |
|
|
|
|
|
|
|
aaaah, this is how (for eg.) gmail does, that when you click "download" to a picture (as attachment) it downloads it and doesnt open it in the browser...
but what i was thinking of is this: if you are a simple user on a forum where you have rights to upload pics, zip files as attachment, could you somehow fool the browser (the mime-type detection) so that it lets you upload a PHP script, thinking that its actually a JPEG... |
|
|
|
|
|
|
|
|
| Posted: Wed Jul 26, 2006 5:39 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| 716 wrote: | aaaah, this is how (for eg.) gmail does, that when you click "download" to a picture (as attachment) it downloads it and doesnt open it in the browser...
but what i was thinking of is this: if you are a simple user on a forum where you have rights to upload pics, zip files as attachment, could you somehow fool the browser (the mime-type detection) so that it lets you upload a PHP script, thinking that its actually a JPEG... |
First, that forced download - it's done with help of "content disposition":
http://support.microsoft.com/kb/q260519/
How To Raise a "File Download" Dialog Box for a Known MIME Type
Second: it's all depend on SERVER side, not client side!!
You can always write some perl/php script or c application and try to do ANY thing you ever want against server, including php scripts upload.
But if server-side upload script is well written, then your tryings will fail.
Still, there are lot's of weak upload scripts, which can be manipulated with ".." (traversal), "%00" (null bytes) and other interesting methods.
One more thing to mention - you can craft jpeg picture file, containing valid php code (for example in EXIF part) and then upload it to server as forum avatar or signature or whatever. Now, if you can find security hole, called "local file inclusion", then you can try to include that jpeg file, so php engine will parse it and run the code, you wanted.
|
|
|
|
|
|
|
|
|
| Posted: Wed Jul 26, 2006 8:23 pm |
|
|
| 716 |
| Regular user |
|
|
| Joined: Feb 11, 2006 |
| Posts: 19 |
|
|
|
|
|
|
|
great, thank you, youre really good
edit: can MIME detection be fooled somehow?  |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
