On Mon, May 15, 2006 1:58 am, Jason Wong wrote: > 2) the uploaded file is a "script" (perl/php/python/etc) > In the case of (2), if the script relies on its shebang line to > execute Not necessarily -- What if I upload an "image" file named "badscript.php" and then I surf to it, after it's in your /images directory? Game Over If you want Shifflet's view, just go to http://phpsec.org -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
