Incomprehensible image upload without format?

A

Artem Gartung2020-05-19 18:56:55

Graphic arts

Artem Gartung, 2020-05-19 18:56:55

The user uploaded an image to the site, the browser visually displays it, although this image is without a format.

When you try to open this image in a new window, this thing appears:

This is how the downloaded image already looks:

Who can explain what it is and is it worth it to be afraid of hacking the site? And how to get rid of such downloads?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

Roman Mirilaczvili, 2020-05-22
@blackangelada

This happens when the HTTP response does not specify a Content-Type with an image format.
How the image is displayed is controlled by Content-Disposition .

A

Arseny, 2020-05-19
Matytsyn @ArsenyMatytsyn

1. Be afraid. It's like an executable file.
2. Check the format when loading by setting the list of available ones in the config.

I

Igor, 2020-05-19
@loonny

Perhaps this is what the article about Android hacking using PNG is talking about.
A regular PNG image could be completely compromised...