[Clipart] [Fwd: Re: security]
Jon Phillips
jon at rejon.org
Sun Oct 23 16:56:09 PDT 2005
-------- Forwarded Message --------
> From: Kees Cook <kees at outflux.net>
> To: Jon Phillips <jon at rejon.org>
> Cc: Bryce Harrington <bryce at bryceharrington.org>
> Subject: Re: security
> Date: Thu, 20 Oct 2005 22:40:55 -0700
>
> On Tue, Oct 18, 2005 at 06:35:51PM -0700, Jon Phillips wrote:
> > Would you have any time to check this out? I would really appreciate it.
>
> In "upload.cgi", here's the problem:
>
>     } else {
>         $ext = $filetype;
>         if ($ext eq 'other') {
>             ($ext) = $file =~ /[.](.*)$/;
>         } # This can be greatly improved.
>         $outfile = catfile($CONFIG{destination_directory}, "$t.$ext");
>
> Basically, you'll need to eliminate the concept of "other" extensions
> from all of the upload scripts. (They all have the same basic
> vulnerability.) You'll need to process only known extensions so that
> .php or .cgi files (or other future things) can't be uploaded.
>
>
> Based on the logs, your attacker looks like a bored Hungarian. Found
> the upload script via a google search, and spent about 3 hours
> perfecting the attack specific to the OCAL scripts:
>
> 80.99.252.106 - - [17/Oct/2005:12:02:15 -0700] "GET /cgi-bin/upload_svg.cgi HTTP/1.1" 200 19587 "http://www.google.co.hu/search?q=image+upload&hl=hu&hs=vlE&lr=&client=firefox-a&rls=org.mozilla:en-US:official&start=10&sa=N" "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20050924 Firefox/1.0.7"
>
>
--
Jon Phillips
San Francisco, CA
USA PH 510.499.0894
jon at rejon.org
http://www.rejon.org
MSN, AIM, Yahoo Chat: kidproto
Jabber Chat: rejon at gristle.org
IRC: rejon at irc.freenode.net
Inkscape (http://inkscape.org)
Open Clip Art Library (www.openclipart.org)
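
The fix described in the forwarded message, sketched as an added example that is not part of the original thread or the OCAL scripts: the stored extension comes only from a fixed allowlist and never from the uploaded file name. The allowlist contents, the safe_outfile name, the destination directory and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not the OCAL upload.cgi code): pick the on-disk extension
# from a fixed allowlist instead of parsing it out of the client's file name.
use strict;
use warnings;
use File::Spec::Functions qw(catfile);

# Assumed allowlist: form "filetype" value => extension written to disk.
my %ALLOWED_EXT = (svg => 'svg', png => 'png');

# Returns the output path, or undef when the type is not allowlisted.
# $filetype is the client-supplied type field, $t the server-generated
# base name. The client's file name is deliberately not an input here.
sub safe_outfile {
    my ($dest_dir, $t, $filetype) = @_;
    return unless defined $filetype;
    my $ext = $ALLOWED_EXT{ lc($filetype) };
    return unless defined $ext;                 # 'other', 'php', 'cgi': rejected
    return unless $t =~ /\A[A-Za-z0-9_-]+\z/;   # base name must be a plain token
    return catfile($dest_dir, "$t.$ext");
}

# Constructed sample inputs: [filetype field, client file name].
for my $case (
    ['svg',   'image.svg'],
    ['other', 'shell.php'],
    ['other', 'drawing.svg.cgi'],
    ['PNG',   'photo.png'],
) {
    my ($filetype, $file) = @$case;
    my $out = safe_outfile('/tmp/uploads', '1129834935', $filetype);
    printf "%-6s %-16s => %s\n", $filetype, $file,
        defined $out ? $out : 'REJECTED';
}
```

With no 'other' branch left, a request that names an unknown type is refused outright rather than falling back to whatever follows the first dot in the uploaded name.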