Update exif_imagetype bypass

This commit is contained in:
Vladislav Nechakhin 2019-02-07 14:59:22 +07:00
parent 7877647db1
commit 90db8b0f11


@ -27,9 +27,9 @@ AddType application/x-httpd-php .htaccess
# .htaccess upload as image
If the exif_imagetype function is used on the server side to determine the image type, create a .htaccess/image polyglot.
If the `exif_imagetype` function is used on the server side to determine the image type, create a `.htaccess/image` polyglot.
[Supported image types](http://php.net/manual/en/function.exif-imagetype.php#refsect1-function.exif-imagetype-constants) include [X BitMap (XBM)](https://en.wikipedia.org/wiki/X_BitMap) and [WBMP](https://en.wikipedia.org/wiki/Wireless_Application_Protocol_Bitmap_Format). In .htacces ignoring lines starting with `\x00` and `#`, you can use these scripts for generate a valid .htaccess/image polyglot.
[Supported image types](http://php.net/manual/en/function.exif-imagetype.php#refsect1-function.exif-imagetype-constants) include [X BitMap (XBM)](https://en.wikipedia.org/wiki/X_BitMap) and [WBMP](https://en.wikipedia.org/wiki/Wireless_Application_Protocol_Bitmap_Format). In `.htaccess` ignoring lines starting with `\x00` and `#`, you can use these scripts for generate a valid `.htaccess/image` polyglot.
```python
# create valid .htaccess/xbm image
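Review bot: the replacement sentence on the "Supported image types" line still carries a grammar problem that the backtick-only edit leaves in place: "In `.htaccess` ignoring lines starting with `\x00` and `#`, you can use these scripts for generate a valid `.htaccess/image` polyglot." Suggest rewording to "Since `.htaccess` ignores lines starting with `\x00` and `#`, you can use these scripts to generate a valid `.htaccess/image` polyglot." while you are touching the line; the `.htacces` typo fix and the added code formatting in both changed lines look good.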
@ -63,4 +63,4 @@ with open('.htaccess', 'wb') as htaccess:
* [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
* [Protection from Unrestricted File Upload Vulnerability](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
* [Writeup to l33t-hoster task, Insomnihack Teaser 2019/](http://corb3nik.github.io/blog/insomnihack-teaser-2019/l33t-hoster)
* [Writeup to l33t-hoster task, Insomnihack Teaser 2019](http://corb3nik.github.io/blog/insomnihack-teaser-2019/l33t-hoster)
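Review bot: dropping the stray trailing slash from the link text is correct and the URL is unchanged, so this hunk is fine as is; as a style point in the same reference list, the first entry's all-caps title ("ATTACKING WEBSERVERS VIA .HTACCESS") could be brought into the title case used by the other entries.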