GIF Bug in Firefox
Posted by: fragge
Date: February 21, 2008 10:45PM

Opening a gif and removing all of the content bar the filetype and some script (GIF89a<script>alert("TEST")</script>) and then displaying it in a browser results in two different things. In IE, we get a small cross. In Firefox, we get an enormous broken image that spans many pages. Can probably be exploited to deface/break pages. Weird, dunno if anyone else has noted this, probably :P

Note: This doesn't execute the script in either browser. It just makes a massive image in FF 2.0+ (haven't tested 3.0)

Edit: Also, does anyone know if the vuln with gifs has been patched by both browsers? I cannot execute JS nor PHP through any gifs I manipulate. Cheers



Edited 2 time(s). Last edit at 02/21/2008 11:01PM by fragge.

Re: GIF Bug in Firefox
Posted by: backbone
Date: May 02, 2008 08:16PM

It's not a bug, the problem is that you wrote the <script>alert("TEST")</script> in the Logical Screen Descriptor (GIF filetype header), which tells the browser the image size, and space to allocate for it -> http://members.aol.com/royalef/gifabout.htm

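The Logical Screen Descriptor point in backbone's reply, worked through as an added example (not code from the thread): a header check of the kind an upload validator might run, showing which bytes of the posted file get read as width and height. The `MAX_DIM` limit, the function names and the well-formed sample are assumptions made for illustration.

```python
import struct

MAX_DIM = 8192  # assumed policy limit for accepted images, not from the thread

# The file described in the first post, and a constructed well-formed 1x1 header
# (signature + descriptor + 2-entry global color table + trailer).
THREAD_SAMPLE = b'GIF89a<script>alert("TEST")</script>'
VALID_SAMPLE = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6) + b";"


def parse_gif_header(data: bytes) -> dict:
    """Parse the 6-byte signature and the 7-byte Logical Screen Descriptor."""
    if len(data) < 13:
        raise ValueError("too short for signature + Logical Screen Descriptor")
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("missing GIF87a/GIF89a signature")
    # Width and height are little-endian 16-bit values right after the signature.
    width, height, packed, bg_index, aspect = struct.unpack("<HHBBB", data[6:13])
    has_gct = bool(packed & 0x80)
    gct_bytes = 3 * (2 ** ((packed & 0x07) + 1)) if has_gct else 0
    return {"width": width, "height": height, "has_gct": has_gct,
            "gct_bytes": gct_bytes, "bg_index": bg_index, "aspect": aspect}


def check_upload(data: bytes) -> list:
    """Return reasons to reject the file; an empty list means the header is sane."""
    try:
        hdr = parse_gif_header(data)
    except ValueError as exc:
        return [str(exc)]
    reasons = []
    if hdr["width"] == 0 or hdr["height"] == 0:
        reasons.append("zero width or height")
    if hdr["width"] > MAX_DIM or hdr["height"] > MAX_DIM:
        reasons.append("declared size %dx%d exceeds %d"
                       % (hdr["width"], hdr["height"], MAX_DIM))
    if len(data) < 13 + hdr["gct_bytes"]:
        reasons.append("file ends before the declared global color table")
    return reasons


if __name__ == "__main__":
    print(parse_gif_header(THREAD_SAMPLE))  # "<s" and "cr" become width and height
    print(check_upload(THREAD_SAMPLE))
    print(check_upload(VALID_SAMPLE))
```
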
Re: GIF Bug in Firefox
Posted by: SpoofGhost
Date: June 21, 2008 07:00AM

btw, the gif bug, if you can call it a bug, still works in IE7; you can still execute code from a gif/jpg file
