Re: Security Concerns with Uploaded Images:

Jason Wong wrote:
> On Monday 15 May 2006 10:53, Richard Lynch wrote:
>> On Sat, May 13, 2006 5:11 pm, Nick Wilson wrote:
>>> are there any security concerns with uploaded images?
>>
>> YES!!!
>
> Just what are the security concerns exactly? Assuming we're only focusing on attacks on the webserver[1] then I can only think of 2 (are there any more?):
>
> 1) the uploaded file is a binary executable
> 2) the uploaded file is a "script" (perl/php/python/etc)
>
> In the case of (1), the attacker, having uploaded a malicious file, would then have to find some way of getting it executed. On a un*x-like system the uploaded file would/should not have the executable bit set, so the attacker would have to find a way to set that bit AND to execute it. This would be very unlikely.
>
> In the case of (2), if the script relies on its shebang line to execute then it would have to overcome the same obstacles as (1) for it to get executed. Otherwise, eg in the case of PHP, it would have to rely on the web application to include()[2] or eval() the malicious file. Since it is supposed to be an image file, the web developer would/should not intentionally use include()/eval() on such files. However, in poorly written applications where input to include()/eval() can come from the user/attacker and is not properly sanitised, it is then that the attacker will have a field day.

Not necessarily. Poor checks on the filetype could result in a php script being uploaded into a "temp" or "cache" folder, then you can just access it through a browser.

See recent thread starting here: http://marc.theaimsgroup.com/?l=php-general&m=114643000627380&w=2

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
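The "poor check on the filetype" case from the reply above, written out as an added example that is not code from the thread or from any of the posters: a handler that trusts the client-supplied MIME type and filename and writes into a web-served directory, beside a hardened handler that decides the type from the bytes, re-encodes through GD, generates its own filename with a fixed extension, and stores outside the document root. The function names (weak_save, hardened_save, serve_image) and the directory paths are illustrative assumptions, and it assumes PHP 8 with the GD extension.

```php
<?php
// Added example (not from the thread): a weak upload check beside a hardened one.
// Function names and directories below are illustrative assumptions.

// WEAK: trusts the client-supplied MIME type, keeps the client-supplied filename
// and writes into a directory the web server executes PHP from. A request that
// carries "evil.php" with Content-Type: image/gif passes the check and the file
// is then reachable, and executed, as /uploads/evil.php.
function weak_save(array $file, string $webUploadDir): string
{
    $okTypes = ['image/gif', 'image/jpeg', 'image/png'];
    if (!in_array($file['type'], $okTypes, true)) {        // $file['type'] is attacker-controlled
        throw new RuntimeException('not an image');
    }
    $dest = $webUploadDir . '/' . basename($file['name']); // extension is attacker-controlled
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

// HARDENED: determines the type from the file content, re-encodes the image
// through GD so that data GD does not understand (e.g. "<?php ... ?>" appended
// after the image data) is dropped, stores it under a generated name with a
// fixed extension, and keeps it outside the document root.
function hardened_save(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $info = @getimagesize($file['tmp_name']);          // reads the header only
    $ext  = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    if ($info === false || !isset($ext[$info[2]])) {
        throw new RuntimeException('not a supported image');
    }
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('image did not decode');
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext[$info[2]];   // server-chosen name and extension
    $dest = rtrim($storeDir, '/') . '/' . $name;
    $ok = match ($info[2]) {
        IMAGETYPE_GIF  => imagegif($img, $dest),
        IMAGETYPE_JPEG => imagejpeg($img, $dest, 90),
        IMAGETYPE_PNG  => imagepng($img, $dest, 6),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0644);   // readable by the web server, never executable
    return $name;         // the application stores this; $storeDir is never exposed
}

// Serve a stored image by name. The pattern is tied to what hardened_save()
// generates, so neither directory traversal nor any other extension gets through.
function serve_image(string $storeDir, string $name): void
{
    if (!preg_match('/^[0-9a-f]{32}\.(gif|jpg|png)$/D', $name, $m)) {
        http_response_code(404);
        return;
    }
    $path = rtrim($storeDir, '/') . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $mime = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'][$m[1]];
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');   // stop browsers sniffing a different type
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Usage with hypothetical paths; the store directory must sit outside the document root:
// $name = hardened_save($_FILES['image'], '/var/app-data/images');
// serve_image('/var/app-data/images', $_GET['img'] ?? '');
```

Two caveats worth keeping in mind. getimagesize() only inspects the header, so on its own it accepts a polyglot that is a valid GIF followed by PHP code; that is why the file is also re-encoded and, more importantly, never stored where the server would execute it. Re-encoding is a defence in depth rather than a guarantee (a payload placed inside the pixel data can survive a GD round trip), so the controls that actually close the hole described in the reply are the server-chosen filename with a fixed extension and the storage location outside the web root.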

