
Mysterious "image" able to circumvent vbulletin's size restriction...


  • Mysterious "image" able to circumvent vbulletin's size restriction...

    A user uploaded a jpg as his avatar that is 100x75 (my max is set at 80x80 for his usergroup). I saved it to my computer and sure enough I can upload it too.

    However I can't edit the image or view it in windows. Is it some kind of crazy hacked jpg?

  • #2
    Update: I cannot upload the image as my avatar for this forum:
    "The uploaded file is not a valid GIF, JPG, or PNG file. Please ensure that it is and try again."

    However I CAN upload it to my forum, where as I said it's able to circumvent any image dimension max settings: (I'm running 3.03)


    http://www.talkbass.com/forum/member.php?u=22550


    Any ideas?



    • #3
      I'm pretty sure that is not a JPG.

      This may be a variant of the JPG buffer overrun in Windows (non-XP SP2 + various applications) which can execute remote code when viewed in a susceptible program, including IE, Windows Explorer etc.



      • #4
        Do you have the "Ignore Image Size failure" option enabled on your forum? That appears to be a corrupt jpeg image.



        • #5
          For reference:


          Allow Image Size Checking Failure
          On some servers, calls to getimagesize() to check image dimensions may fail for currently unknown reasons. If you are affected by this, you will want to set this option to 'Yes', otherwise you will not be able to upload images (avatars or attachments). However, users may be able to get around your image dimension limits!
          vBulletin v3.8.0's Implementation of Google Adsense Should Be Avoided At All Costs - Do Your Own Adsense Implementation



          • #6
            Thanks guys. It was set to 'no' - I set it to 'yes' and the image is no longer uploadable.



            • #7
              Originally posted by kontrabass
              Thanks guys. It was set to 'no' - I set it to 'yes' and the image is no longer uploadable.
              I think you mean the other way around, no?



              • #8
                Doh. Yes, the other way around. I'm an idiot
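
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not vBulletin's own code: when the dimension parser cannot read a file, a fail-open setting accepts it unmeasured, while fail-closed rejects it. The function `check_avatar()`, its `$allowSizeCheckFailure` flag and the sample byte strings are assumptions made for illustration; `getimagesizefromstring()` is PHP's in-memory counterpart of `getimagesize()`.

```php
<?php
// Added example: not vBulletin's code. check_avatar() and its
// $allowSizeCheckFailure flag are hypothetical stand-ins for the forum setting.
function check_avatar(string $bytes, int $maxW, int $maxH, bool $allowSizeCheckFailure): string
{
    // Returns false when the header cannot be parsed (corrupt file or not an image).
    $info = @getimagesizefromstring($bytes);

    if ($info === false) {
        // Fail-open accepts a file whose dimensions were never measured,
        // so the width/height limit below is silently skipped.
        return $allowSizeCheckFailure
            ? 'ACCEPT (unmeasured: dimension limit not enforced)'
            : 'REJECT (not a valid GIF, JPG, or PNG file)';
    }

    [$width, $height, $type] = $info;
    if (!in_array($type, [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        return 'REJECT (unsupported image type)';
    }
    if ($width > $maxW || $height > $maxH) {
        return "REJECT ({$width}x{$height} exceeds {$maxW}x{$maxH})";
    }
    return "ACCEPT ({$width}x{$height})";
}

// Constructed samples: header-only byte strings, not real uploads.
$gifHeader = fn(int $w, int $h): string =>
    'GIF89a' . pack('v', $w) . pack('v', $h) . "\x00\x00\x00";
$samples = [
    'gif 64x64'      => $gifHeader(64, 64),
    'gif 100x75'     => $gifHeader(100, 75),
    // JPEG start-of-image and APP0 marker, cut off before any frame header.
    'truncated jpeg' => "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01",
];

// Compare both values of the setting against an 80x80 limit.
foreach ([false, true] as $allow) {
    printf("allowSizeCheckFailure=%s\n", $allow ? 'yes' : 'no');
    foreach ($samples as $name => $bytes) {
        printf("  %-15s %s\n", $name, check_avatar($bytes, 80, 80, $allow));
    }
}
```

Only the unparseable sample changes outcome between the two runs; files whose dimensions can be read are checked against the limit either way.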
