Changes between Initial Version and Version 1 of Ticket #24251, comment 57


Timestamp: 02/27/2016 09:18:20 PM (6 years ago)
Author: chriscct7

  • Ticket #24251, comment 57

    initial v1  
    22> I tested this morning; WP does not protect against me uploading a text-file renamed to .png, so there is probably very little to stop me uploading a malicious payload in any format.
    33
    4 That's not comparable to sanitized SVG upload. A PNG file, on render or access, does not run scripts. An sanitized SVG can contain JavaScript or trigger remotely run code. There's quite a few different ways SVG files can cause malicious output. A good overview of some these issues is: https://www.blackhat.com/docs/us-14/materials/us-14-DeGraaf-SVG-Exploiting-Browsers-Without-Image-Parsing-Bugs.pdf
     4That's not comparable to sanitized SVG upload. A PNG file, on render or access, does not run scripts. An unsanitized SVG can contain JavaScript or trigger remotely run code. There's quite a few different ways SVG files can cause malicious output. A good overview of some these issues is: https://www.blackhat.com/docs/us-14/materials/us-14-DeGraaf-SVG-Exploiting-Browsers-Without-Image-Parsing-Bugs.pdf
    55
    66However, as those slides were presented 2 years ago, several new attack vectors found over the last 2 years are omitted, as well as possibilities arising from the new SVG 2.0 spec.
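
Review bot: on new line 4 the edit changes "An sanitized SVG" to "An unsanitized SVG", but the opening sentence of the same line still reads "sanitized SVG upload", so the two sentences of the revised comment now use opposite terms. If the comparison is meant to be with unsanitized uploads, the first occurrence needs the same change. The revised line also still reads "overview of some these issues", which is missing "of".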