Critical Vuln in Smile challenge

Tonight kepten reported a critical vuln in the smile challenge.
It was possible to upload images containing php code, and name the file foo.php.gif, and the php code got executed.

I could not find out how to stop Apache interpreting the files with PHP, so I fixed it by disallowing ".php" in the filenames.

Big thanks to kepten for reporting this critical flaw.

If anyone knows how to stop Apache running the PHP interpreter for foo.php.gif files, I would appreciate sharing the knowledge :)

Happy Challenging!
gizmore



EDIT: The problem was caused by a custom .htaccess and is fixed in svn now. First I tried to fix it with Options -MultiViews, but this didn't work. Thanks to epoch for locating the problem!

EDIT2: It seems that image.php.foo is also nice to trick Apache.
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Aug 04, 2012 - 22:13:41
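
An added example, not part of the original post or the site's code: rather than filtering ".php" out of the client-supplied name, the upload is stored under a server-generated name with a single extension taken from the detected image type, so names like foo.php.gif or image.php.foo never reach the web root. The function names, the allowed-type list and the sample file are assumptions made for illustration.

```php
<?php
// Image types accepted, mapped to the one extension written to disk (assumed list).
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

// True when the client name carries more than one extension, as in
// "foo.php.gif" or "image.php.foo". Used only to flag the attempt in logs;
// the client name is never used for the stored file.
function has_multiple_extensions(string $clientName): bool
{
    $parts = explode('.', basename($clientName));
    array_shift($parts);                       // drop the base name
    return count(array_filter($parts, 'strlen')) > 1;
}

// Returns a random name with exactly one extension, or null when the
// uploaded bytes are not one of the accepted image types.
function stored_name_for_upload(string $tmpPath): ?string
{
    $info = @getimagesize($tmpPath);           // false if not a parseable image
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return null;
    }
    // Hex output contains no dots, so the result has a single extension.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
}

// Constructed sample: a 1x1 GIF written to a temp file stands in for the upload.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));

foreach (['smile.gif', 'foo.php.gif', 'image.php.foo'] as $clientName) {
    $stored = stored_name_for_upload($tmp);
    printf(
        "%-14s flagged=%-3s stored as %s\n",
        $clientName,
        has_multiple_extensions($clientName) ? 'yes' : 'no',
        $stored ?? '(rejected)'
    );
    // In a real handler: move_uploaded_file($_FILES['img']['tmp_name'], "$dir/$stored");
}
unlink($tmp);
```

Checking the image type does not remove PHP code embedded in the image data; what this changes is that the stored name gives Apache no extension other than the image one to map to a handler.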