On 6/20/07, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
Daniel Brown wrote: > On 6/20/07, Tijnema <tijnema@xxxxxxxxx> wrote: >> Hi all, >> >> Just received a mail from phpclasses, which pointed to this very >> interesting article[1]. Seems good to know for starters ;) >> The experts around here probably already know this way of exploits. >> >> Tijnema >> >> [1] >> http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > I've been doing stuff like that for legitimate reasons for about > two years.... I thought everyone knew about it. exactly what are those legitimate reasons for uploading and executing php on other peoples server with authorization? :-> my defense lawyer might be interested ;-) >
No, not the upload and execution, per se, but rather using images to contain processable PHP code. -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
