[40949] in bugtraq
Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as
daemon@ATHENA.MIT.EDU (Nicob)
Sat Oct 29 19:50:15 2005
From: Nicob <nicob@nicob.net>
To: Tatercrispies <tatercrispies@gmail.com>
Cc: webappsec@securityfocus.com, bugtraq@securityfocus.com,
full-disclosure@lists.grok.org.uk
In-Reply-To: <6170a5450510270654w2551c959ic77ff7bd26cb9ce9@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Date: Thu, 27 Oct 2005 16:30:31 +0200
Message-Id: <1130423431.7253.85.camel@localhost>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Le jeudi 27 octobre 2005 à 08:54 -0500, Tatercrispies a écrit :
> And I really don't see how this could ever be used to execute
> server-side script unless for some bizarre reason you had your
> webserver so completely misconfigured as to be beyond imagination. Why
> would you be parsing image files through the PHP interpreter.
Please look at http://shsc.info/FileUploadSecurity#titelanker5 ...
And yes, it happens in real life scenarios !
Nicob
