Images with unknown content: Dangerous for the browser?

Question

Images with unknown content: Dangerous for the browser?

Let's say I allow users to link to any images that they like. The link will be checked for syntactic correctness, escaping, etc., and then inserted into the tag <img src="..."/>.

Are there any known security vulnerabilities, for example. does someone refer to "evil.example.com/evil.jpg" and evil.jpg contains code that will be executed due to a browser error or something like that?

_{(Let CSRF attacks be ignored - it should be enough for me to only allow URLs with typical image file suffixes.)}

+3

security browser png gif jpeg

Chris lercher Jun 11 '10 at 11:57

source share

5 answers

JPEG. , , , .

+1

Sjoerd 11 . '10 12:07

, . , . . , , .

: http://www.securityfocus.com/bid/14282/discuss ( ).

, , . , . 1000 ... ... .

+1

Guillaume 11 . '10 12:09

, , . , URL- , XSS. , , , :

:

, . URL- , . _{chris_l: , - (FF 3.5) Referer.}
, . , . , , .
. , . _{chris_l: ! ( , - , ... ?)}
AJAX- . _{chris_l: , - ?}
, . _{chris_l: , HTTPS.}

+1

Tom Hawtin - tackline 11 . '10 13:32

: !

, cookie ( sessionID) , . , sessionID. PHP-, sessionID:

, :

<img src="http://example.com/somepic.jpg alt="" />

http://example.com .htaccess, :

RewriteRule ^somepic\.jpg$ evilscript.php

then pic is actually a php file that generates an image, but also does some evil things like stealing a session or something else ...

0

Alex Sawallich Jun 11 '10 at 12:14

source share

Curtis · Accepted Answer · 2010-06-11T12:04:49+0000

Security risks in image files arise from time to time. Here is an example: https://web.archive.org/web/1/http://articles.techrepublic%2ecom%2ecom/5100-22_11-5388621.html?tag=nl.e019 . This is an old article, so it’s obvious that these things are rolling for a while.

, - / , , , . , . , . , , , , .

Images with unknown content: Dangerous for the browser?

More articles: