Skip to main content
Information Security

Return to Question

Bumped by Community user
Bumped by Community user
edited body
Source Link
user45139
user45139

I am administering a mobile application with many users. Users can upload their own .jpg images.

I cannot know at this moment if image inputs on the application I am administrating are sanitized or not, but I know that a user managed to upload an image which crashes application for whoever views the image.

It works like this:

  1. User uploads his .jpg.jpg file to his profile

  2. It gets stored in database

I checked the database and saw that instead of the image file name for the user it says simply < HTML >< / HTML><HTML></HTML>

I instantly realized that he might have a method to merge htmlHTML/phpPHP files with image files and execute code.

Being extremely stupid I deleted the actual file he uploaded without checking it first.

Now, is there some way to launch simple php/mysql codes using the image merge method to test the vulnerability myself? I tried variations with adding html and php code in EXIF data of the header, but it still saved as a normal image in the database. I did not manage to get the image saved as < HTML >< / HTML> as the hacker originally did.

It is possible that he couldn't get past the security and actually hack into the server, but it is obvious he launched a script which resulted in an error and the app crashing.

I would like to figure out what kind of a method was used here. Would appreciate any help!

I am administering a mobile application with many users. Users can upload their own .jpg images.

I cannot know at this moment if image inputs on the application I am administrating are sanitized or not, but I know that a user managed to upload an image which crashes application for whoever views the image.

It works like this:

  1. User uploads his .jpg file to his profile

  2. It gets stored in database

I checked the database and saw that instead of the image file name for the user it says simply < HTML >< / HTML>

I instantly realized that he might have a method to merge html/php files with image files and execute code.

Being extremely stupid I deleted the actual file he uploaded without checking it first.

Now, is there some way to launch simple php/mysql codes using the image merge method to test the vulnerability myself? I tried variations with adding html and php code in EXIF data of the header, but it still saved as a normal image in the database. I did not manage to get the image saved as < HTML >< / HTML> as the hacker originally did.

It is possible that he couldn't get past the security and actually hack into the server, but it is obvious he launched a script which resulted in an error and the app crashing.

I would like to figure out what kind of a method was used here. Would appreciate any help!

I am administering a mobile application with many users. Users can upload their own .jpg images.

I cannot know at this moment if image inputs on the application I am administrating are sanitized or not, but I know that a user managed to upload an image which crashes application for whoever views the image.

It works like this:

  1. User uploads his .jpg file to his profile

  2. It gets stored in database

I checked the database and saw that instead of the image file name for the user it says simply <HTML></HTML>

I instantly realized that he might have a method to merge HTML/PHP files with image files and execute code.

Being extremely stupid I deleted the actual file he uploaded without checking it first.

Now, is there some way to launch simple php/mysql codes using the image merge method to test the vulnerability myself? I tried variations with adding html and php code in EXIF data of the header, but it still saved as a normal image in the database. I did not manage to get the image saved as < HTML >< / HTML> as the hacker originally did.

It is possible that he couldn't get past the security and actually hack into the server, but it is obvious he launched a script which resulted in an error and the app crashing.

I would like to figure out what kind of a method was used here. Would appreciate any help!

Source Link
AndyTTT
AndyTTT
  • 21
  • 2

How to test image upload vulnerability in a mobile application?

I am administering a mobile application with many users. Users can upload their own .jpg images.

I cannot know at this moment if image inputs on the application I am administrating are sanitized or not, but I know that a user managed to upload an image which crashes application for whoever views the image.

It works like this:

  1. User uploads his .jpg file to his profile

  2. It gets stored in database

I checked the database and saw that instead of the image file name for the user it says simply < HTML >< / HTML>

I instantly realized that he might have a method to merge html/php files with image files and execute code.

Being extremely stupid I deleted the actual file he uploaded without checking it first.

Now, is there some way to launch simple php/mysql codes using the image merge method to test the vulnerability myself? I tried variations with adding html and php code in EXIF data of the header, but it still saved as a normal image in the database. I did not manage to get the image saved as < HTML >< / HTML> as the hacker originally did.

It is possible that he couldn't get past the security and actually hack into the server, but it is obvious he launched a script which resulted in an error and the app crashing.

I would like to figure out what kind of a method was used here. Would appreciate any help!