Arbitrary code is akin to malicious code: it carries malware behaviour that exploits security holes. The malware then performs arbitrary exploitation on the system or server.
Arbitrary code can make a system vulnerable.
Generally, a high-quality image is between 1 MB and 5 MB in size. A normal image is between 10 KB and 1 MB.
For a JPG, the dimensions (width x height) indicate the expected file size in KB.
For example, an 800 x 600 JPG is 30 KB in size.
When arbitrary code is inserted, the image size can increase to more than 10 MB. This is a kind of vulnerability.
An arbitrary code action can delete, overwrite, or insert code on the system or server for exploitation.
In September 2012, a Metasploit component found and exploited vulnerabilities in qdPM's project management tool during penetration testing. It found that the user profile photo upload feature can be abused to upload any arbitrary file to the particular server machine via remote execution.
To add a photo to their profile, users need valid credentials to log in. However, the feature allowed any file to be uploaded without valid credentials. This is one type of arbitrary file exploitation.
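A server-side check for the photo upload and the size-versus-dimensions point described above, as an added example that is not code from the tool or framework discussed here: it requires a login session, reads the JPEG's declared dimensions, and rejects files whose size is implausible for those dimensions or that carry bytes after the end-of-image marker. The function names, the 3 bytes-per-pixel ceiling and the sample bytes are assumptions made for this illustration.

```python
import struct

MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # the page's ">10 MB" figure, used as a hard cap
MAX_BYTES_PER_PIXEL = 3.0            # assumption: uncompressed 24-bit RGB as a ceiling
SOF_MARKERS = {0xC0, 0xC1, 0xC2}     # frame headers that carry height and width

def parse_jpeg(data):
    """Return (width, height, scan_offset) read from the segment headers, or None."""
    if data[:3] != b"\xff\xd8\xff":
        return None
    pos, dims = 2, None
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker in SOF_MARKERS and pos + 9 <= len(data):
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            dims = (width, height)
        if marker == 0xDA:  # start of scan: compressed pixel data follows
            return (dims[0], dims[1], pos) if dims else None
        pos += 2 + max(length, 2)
    return None

def inspect_upload(data, authenticated):
    """Return the reasons to reject a profile-photo upload (empty list = accept)."""
    if not authenticated:
        return ["no valid login session"]
    findings = []
    if len(data) > MAX_UPLOAD_BYTES:
        findings.append("larger than upload cap")
    parsed = parse_jpeg(data)
    if parsed is None:
        return findings + ["not a parseable JPEG"]
    width, height, scan = parsed
    if len(data) > width * height * MAX_BYTES_PER_PIXEL:
        findings.append("size implausible for dimensions")
    eoi = data.find(b"\xff\xd9", scan)  # heuristic: first end-of-image after scan start
    if eoi == -1:
        findings.append("no end-of-image marker")
    elif eoi + 2 != len(data):
        findings.append("trailing bytes after end of image")
    return findings

def make_sample(width, height, scan_len, trailer=b""):
    """Constructed input: JPEG-shaped bytes (real segment layout, dummy pixel data)."""
    sof = b"\xff\xc0" + struct.pack(">HBHHB", 11, 8, height, width, 1) + b"\x01\x11\x00"
    sos = b"\xff\xda" + struct.pack(">HB", 8, 1) + b"\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + sof + sos + b"\x00" * scan_len + b"\xff\xd9" + trailer

if __name__ == "__main__":
    print(inspect_upload(make_sample(800, 600, 30 * 1024), True))
    print(inspect_upload(make_sample(800, 600, 30 * 1024, b"A" * (2 * 1024 * 1024)), True))
```

A check like this complements, and does not replace, re-encoding the image and storing uploads outside any directory the web server will execute from.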
A brief note on Metasploit and qdPM:
Metasploit is software that aids with security issues: it identifies them and verifies vulnerability mitigations using its own penetration testing tools. It is a free and open source framework.
qdPM is a free, web-based project management tool for small teams working on various projects.