Gif Exploit

Posted: Sat Jun 23, 2007 12:54 am
by Benjamin

Posted: Sat Jun 23, 2007 6:22 am
by superdezign
I heard about that last night on Digg. Everyone was panicking and such, but I was just proud of whoever successfully made it. :D

Posted: Sat Jun 23, 2007 6:59 am
by Weirdan
that article wrote: When users download the image to view it, the server parses the PHP code and the exploit is executed, as it serves the image to the user.
Who on earth would configure a webserver to parse images as PHP files?? Too stupid to be true.

Posted: Sat Jun 23, 2007 10:06 am
by Benjamin
I was wondering the same thing. Doesn't really make sense to me.

Posted: Sat Jun 23, 2007 10:12 am
by The Phoenix
Weirdan wrote: Who on earth would configure a webserver to parse images as PHP files?? Too stupid to be true.
I'm wondering if everyone's favorite mod_rewrite action (funnel any unknown file to a php script for processing) is part of the magic making it happen often.

Posted: Sat Jun 23, 2007 1:13 pm
by timvw
A possible way to 'exploit' was mentioned a while ago here: http://ha.ckers.org/blog/20070604/passi ... imagesize/

Posted: Sat Jun 23, 2007 1:19 pm
by Benjamin
Not checking the file extension! 8O

That would do it.
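
An added example, not part of any post in this thread: an upload check that derives the stored extension from the detected image type, so a file that passes the image header check is never saved under a name the server would hand to PHP. The function name `safe_upload_name`, the allowlist and the sample bytes are assumptions made up for this illustration.

```php
<?php
// Added example: names and sample data are hypothetical, constructed for illustration.

// Map of detected image types to the only extension we will ever store them under.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

/**
 * Return a server-generated file name for an upload, or null if it is rejected.
 * The client-supplied name is only compared against the detected type; it is
 * never used as the stored name.
 */
function safe_upload_name(string $clientName, string $bytes): ?string
{
    // Header check: this alone is NOT enough, it only reads the image header.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return null;
    }
    $expected = ALLOWED_TYPES[$info[2]];

    // Extension check: the last extension must match the detected type.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if ($ext !== $expected) {
        return null;
    }

    // Store under a random name with the extension we chose, not the client's.
    return bin2hex(random_bytes(8)) . '.' . $expected;
}

// Constructed sample: a GIF header followed by an inert PHP tag.
$sample = "GIF89a\x01\x00\x01\x00\x80\x00\x00" . "<?php /* constructed marker */ ?>";

// The header check on its own accepts the sample.
var_dump(getimagesizefromstring($sample) !== false);

foreach (['avatar.gif', 'avatar.php', 'avatar.gif.php', 'avatar.PHP'] as $name) {
    printf("%-15s => %s\n", $name, safe_upload_name($name, $sample) ?? 'rejected');
}
```

This only covers the naming side; a server that is configured to run `.gif` files through PHP, as discussed above, would still parse the stored file.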