Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 19
Members Online: 4

Registered Members: 82824
Newest Member: devilslegion
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Author

image overflow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-10-05 14:58
I know .tif pictures can contain scripts that allow for overflows etc. But how do you add script to a tif iimage? Or get it to run code? THanks


Author

RE: image overflow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-10-05 15:29
I know of ways to contain php in the meta data of any image, but not specifically tifs.
Author

RE: image overflow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-10-05 16:49
try using a hex editor and typing the code in, may need to ad dbytes to the end.


Author

RE: image overflow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-10-05 21:58
fagitz wrote:
I know of ways to contain php in the meta data of any image, but not specifically tifs.


how do you do that?

wolfmankurd wrote:
try using a hex editor and typing the code in, may need to ad dbytes to the end.


what do you mean dbytes?


Author

RE: image overflow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-10-05 23:12
Well, this isn't a great way to do it, and if the other method works, I'd do that. First, you'll have to read up on php and then you'll be inserting this code into an actual image.

Have the image and open it up in something like notepad, it's then just a case of adding the php to the end of the image and then naming it fdfsdfsd.php.

This may not work for a lot of situations, since most things will disallow any .php extensions. This is only useful because it's still actually an image, and because of this, hotornot.com was exploited due to the fact it only checked if it was an image (didn't check extensions). When the server came to it, it saw it as fsjfslsdf.php and ran it.