This technique describes how to exploit apps which encode pictures during a PHP upload. Embedding PHP code inside GIF files which are uploaded is a known technique to execute arbitrary code on an Apache PHP installation. Now what can one do when the code which uploads the file processes and encodes the file to a thumbnail, and only this thumbnail is accessible remotely with the correct extension? The GIF file is crunched and the embedded PHP code disappears; a bad situation, you might think. The solution is to zero out all size fields of the GIF file using a hex editor. The result after the upload is that the encoding routine processes the file without modifying it because of size checks. The PHP code stays embedded in the file. -kc
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
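From the defender's side, the bypass works only because the thumbnailer lets a zero-sized file through untouched. The validator below is an added example, not code from the post or any project: it parses the GIF logical screen descriptor and image descriptors, rejects any zero size field, and flags PHP/script markers as a heuristic; the sample GIF bytes and the `zeroed_with_marker` helper are constructed here for testing.

```python
import struct

# Constructed 1x1 GIF with a 2-colour global colour table (not from the post).
GOOD_GIF = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)
            + b"\x00\x00\x00\xff\xff\xff"                     # global colour table
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)  # image descriptor
            + b"\x02\x02\x44\x01\x00" + b"\x3b")               # LZW data + trailer

def zeroed_with_marker(marker=b"<?php /* constructed */ ?>"):
    """Rebuild GOOD_GIF with every size field zeroed and a comment extension
    carrying a PHP open tag: the file shape the post describes, constructed here."""
    body = bytearray(GOOD_GIF)
    struct.pack_into("<HH", body, 6, 0, 0)        # logical screen width/height
    struct.pack_into("<HH", body, 19 + 5, 0, 0)   # image descriptor width/height
    comment = b"\x21\xfe" + bytes([len(marker)]) + marker + b"\x00"
    return bytes(body[:19]) + comment + bytes(body[19:])

def validate_gif(data):
    """Return reasons to reject the upload; an empty list means it passed."""
    problems = []
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF header"]
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    if width == 0 or height == 0:
        problems.append("zero logical screen size")
    pos = 13
    if packed & 0x80:                              # skip global colour table
        pos += 3 << ((packed & 0x07) + 1)
    images = 0
    while pos < len(data) and data[pos] != 0x3B:   # 0x3B is the trailer
        if data[pos] == 0x2C:                      # image descriptor
            if pos + 10 > len(data):
                problems.append("truncated image descriptor")
                break
            _, _, w, h, p = struct.unpack_from("<HHHHB", data, pos + 1)
            if w == 0 or h == 0:
                problems.append("zero image size")
            # descriptor, optional local colour table, LZW minimum code size byte
            pos += 10 + (3 << ((p & 0x07) + 1) if p & 0x80 else 0) + 1
            images += 1
        elif data[pos] == 0x21:                    # extension: label byte follows
            pos += 2
        else:
            problems.append("unexpected block 0x%02x" % data[pos])
            break
        while pos < len(data) and data[pos] != 0:  # skip data sub-blocks
            pos += data[pos] + 1
        pos += 1
    if images == 0:
        problems.append("no image descriptor")
    if b"<?" in data or b"<script" in data.lower():  # heuristic; can false-positive
        problems.append("script marker in file")
    return problems
```

The size check is the part that closes the hole described above; the marker scan is only a hint, since `<?` can legitimately occur in pixel data, and the real fix is a thumbnailer that always writes a new file from decoded pixels instead of passing the upload through.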
