Injection through PHP
So there's this site that will turn an image url into an image when you send it in a message. For example, if I sent a message that said "http://www.hellboundhackers.org/fusion_images/hbhbanner.png" It would show the HBH banner.
But it's got a problem in that if you put a PHP page with an image extension at the end, it will try to display it. Ex. http://site.com/script.php?jpg
I don't have malicious intentions, but is there any way to use that to exploit the site?
Find other files such as .txt or .html files and put that after the php question mark.
That won't work though, unless I make my script accept certain variables. The site.com would be my site, and script.php would be my script. So for example, what I thought might work was this: In script.php, put <?php echo "Test"; ?>
and then, in a message, put this: http://site.com/script.php?jpg
And I was hoping that it would say "Test" in the message.
So try it?
Try doing that and if it works you probably have yourself an exploitable hole. Whether or not it will work really depends on the script that displays the image, whether it checks the filetype etc. Chances are though, it just gets the URL and shoves it between <img src=" and "> In which case you, you might have an XSS hole.