
Would a file upload function be vulnerable to code execution where the uploaded file is always converted to a PNG file by the application? For example, if one uploads shell.php and this file is converted into somerandomstring.png, can one assume that it is not vulnerable as the server will always render this as an image when accessing the link directly?

synthesis
  • *"... the server will always render this as an image when accessing the link directly?"* - I have problems understanding this statement. If you are talking about the web, then the rendering is not done by the server, but by the client. How it gets rendered depends on the content-type, context and content, which are not known here. – Steffen Ullrich Nov 15 '21 at 19:27
  • How do you convert it? There [are (or were) well-known vulnerabilities in ImageMagick](https://imagetragick.com/) which could overwrite or delete files or install a bitcoin miner, etc. *on the server when it does the conversion* – user253751 Nov 16 '21 at 10:36
  • You can assume it's safe other than a very targeted zero-day against the PNG encoder. Other than that, it's just a broken image as far as just about anything is concerned. – dandavis Nov 16 '21 at 19:00

0 Answers