Re: [PHP] Check RAW data

Date: Mon, 21 Apr 2008 12:29:11 +0200
From: "Nitsan Bin-Nun" <nitsanbn@xxxxxxxxx>
Subject: Re: [PHP] Check RAW data

On IE 5.5 and 6.x you can inject JS through PNG's
As I remember, they patched it at 7.x


On 20/04/2008, Richard Heyes <richardh@xxxxxxxxxxx> wrote:
>
> I mean, if you already specified it as a PNG image with header(), how
> > do you execute Javascript/malicious code, as the browser will render
> > it as a PNG?
> >
>
> Malicious code can still be embedded in images. The vulnerabilities ISTR
> are in Windows image handling libraries. I assume they've been fixed now
> though because it was some time ago. But that doesn't mean to say more won't
> be found.
>
> --
> Richard Heyes
>
> +----------------------------------------+
> | Access SSH with a Windows mapped drive |
> |    http://www.phpguru.org/sftpdrive    |
> +----------------------------------------+
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

References:
- [PHP] Check RAW data
  - From: rb
- Re: [PHP] Check RAW data
  - From: Jason Norwood-Young
- Re: [PHP] Check RAW data
  - From: Regular email
- Re: [PHP] Check RAW data
  - From: Richard Heyes

Prev by Date: Re: [PHP] AJAX and PHP
Next by Date: Re: [PHP] function returns no value
Previous by thread: Re: [PHP] Check RAW data
Next by thread: Re: [PHP] Check RAW data
Index(es):
- Date
- Thread

lists-archives.org

Re: [PHP] Check RAW data