[issue26337] Bypass imghdr module determines the type of image

2022-03-13 Thread Irit Katriel


Irit Katriel added the comment:

imghdr is deprecated as per PEP 594, so there won't be further enhancements to 
it.

--
nosy: +iritkatriel
resolution:  -> wont fix
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue26337] Bypass imghdr module determines the type of image

2016-02-11 Thread Ramin Farajpour Cami

Changes by Ramin Farajpour Cami:


--
nosy: +serhiy.storchaka




[issue26337] Bypass imghdr module determines the type of image

2016-02-11 Thread Steven D'Aprano

Steven D'Aprano added the comment:

I'm sorry, I don't understand what you think is the bug here. It looks like you 
are passing a corrupted file which has a PNG extension but is not actually a 
PNG file (it contains PHP code). What do you expect should happen?

--
nosy: +steven.daprano




[issue26337] Bypass imghdr module determines the type of image

2016-02-11 Thread Ramin Farajpour Cami

Ramin Farajpour Cami added the comment:

Images can be served with a content type of text/html (which means we can 
certainly inject HTML).

--




[issue26337] Bypass imghdr module determines the type of image

2016-02-11 Thread Ramin Farajpour Cami

Ramin Farajpour Cami added the comment:

Normally, if you choose an image, open it with an editor and put code into the 
image, you get an error, but I am able to bypass the image check for upload if I 
use the imghdr module to check for a valid image: boom, an image with malicious 
code is uploaded.

--




[issue26337] Bypass imghdr module determines the type of image

2016-02-10 Thread Ramin Farajpour Cami

New submission from Ramin Farajpour Cami:

import imghdr
imghdr.what('phppng.png')

output : 
'png'

If you put a JavaScript script in a .png or .jpg file,
output:
ValueError: invalid \x escape

Hexdump:
root@Ramin:~# hexdump -C phppng.png
  89 50 4e 47 0d 0a 1a 0a  00 00 00 0d 49 48 44 52  |.PNGIHDR|
0010  00 00 00 20 00 00 00 20  08 02 00 00 00 fc 18 ed  |... ... |
0020  a3 00 00 00 09 70 48 59  73 00 00 0e c4 00 00 0e  |.pHYs...|
0030  c4 01 95 2b 0e 1b 00 00  00 60 49 44 41 54 48 89  |...+.`IDATH.|
0040  63 5c 3c 3f 3d 24 5f 47  45 54 5b 30 5d 28 24 5f  
|c\X|
0060  73 5e 37 93 fc 8f 8b db  7e 5f d3 7d aa 27 f7 f1  |s^7.~_.}.'..|
0070  e3 c9 bf 5f ef 06 7c b2  30 30 63 d9 b9 67 fd d9  |..._..|.00c..g..|
0080  3d 1b ce 32 8c 82 51 30  0a 46 c1 28 18 05 a3 60  |=..2..Q0.F.(...`|
0090  14 8c 82 51 30 0a 86 0d  00 00 81 b2 1b 02 07 78  |...Q0..x|
00a0  0d 0c 00 00 00 00 49 45  4e 44 ae 42 60 82|..IEND.B`.|
00ae

--
components: Library (Lib)
files: phppng.png
messages: 260074
nosy: Ramin Farajpour Cami
priority: normal
severity: normal
status: open
title: Bypass imghdr module determines the type of image
type: behavior
versions: Python 3.5
Added file: http://bugs.python.org/file41891/phppng.png
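
Added example, not part of the original thread or of CPython: imghdr's PNG test looks only at the 8-byte file signature, so it reports 'png' for any file that starts with those bytes. The sketch below contrasts that check with a chunk/CRC walk and a hypothetical upload policy (`plan_upload`, the sample data and the marker text are constructed for illustration).

```python
import secrets
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, body):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sniff_is_png(data):
    """Signature-only test, the kind of check imghdr makes for PNG."""
    return data.startswith(PNG_SIG)

def parse_chunks(data):
    """Walk every chunk and verify its CRC; raise ValueError if malformed."""
    if not data.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    pos, chunks = len(PNG_SIG), []
    while pos < len(data):
        if pos + 12 > len(data):
            raise ValueError("truncated chunk")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end:end + 4])[0]:
            raise ValueError("bad CRC in %r chunk" % ctype)
        chunks.append((ctype, body))
        pos = end + 4
    if len(chunks) < 2 or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        raise ValueError("IHDR/IEND framing missing")
    return chunks

def plan_upload(data):
    """Hypothetical upload policy: server-chosen name, fixed response headers."""
    parse_chunks(data)  # rejects input that only carries the signature
    return {"name": secrets.token_hex(16) + ".png",  # never the client's filename
            "headers": {"Content-Type": "image/png",
                        "X-Content-Type-Options": "nosniff"}}

# Constructed samples: a 1x1 greyscale PNG with a text chunk, and signature + junk.
MARKER = b"Comment\x00constructed non-image payload"
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
VALID_WITH_TEXT = (PNG_SIG + chunk(b"IHDR", IHDR) + chunk(b"tEXt", MARKER)
                   + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
SIGNATURE_ONLY = PNG_SIG + b"constructed junk, not chunks"
```

The chunk walk rejects `SIGNATURE_ONLY` but still accepts `VALID_WITH_TEXT`, because a well-formed PNG can carry arbitrary bytes in its chunks. The type check therefore only says how to label the file; the server-chosen name and the fixed `Content-Type` with `nosniff` are what keep it from being interpreted as anything else.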
