ID: 37467 Updated by: [EMAIL PROTECTED] Reported By: paul at castlecops dot com -Status: Open +Status: Feedback Bug Type: EXIF related Operating System: Linux PHP Version: 4.4.2 New Comment:
Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report. Previous Comments: ------------------------------------------------------------------------ [2006-05-16 21:25:19] paul at castlecops dot com Description: ------------ Affected Versions: PHP 5.1.4 and 4.4.2 The PHP server evaluates code inside a technically valid JPEG's technically valid Exif header. It'll evaluate it even if exif is not compiled into PHP. Reproduce code: --------------- I need to attach it. Expected result: ---------------- The POC jpg will write a file to the filesystem and include whatever PHP code there is. Anything is possible given the permissions of the web server. Actual result: -------------- The POC jpg will write a file to the filesystem and include whatever PHP code there is. Anything is possible given the permissions of the web server. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=37467&edit=1
