What's with all this checking of mime types, etc? As long as you check that
it doesn't have .php at the end of its filename then you're fine. Unless
you have PHP set to run on every filetype or something strange. Isn't it
obvious not to allow anything.anything.php as an upload?
- Dan
"Tijnema" <tijnema@xxxxxxxxx> wrote in message
news:d8269d910706200854u61d85da8oc9f04f3fc6b7d59@xxxxxxxxxxxxxxxxx
Hi all,
Just received a mail from phpclasses, which pointed to this very
interesting article[1]. Seems good to know for starters ;)
The experts around here probably already know this way of exploits.
Tijnema
[1]
http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html
--
PHP General Mailing List (http://www.php.net/)
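
The filename check discussed in this thread, written as an allowlist with a server-generated stored name plus an image header check. This is an added example, not code from any poster or from the linked article; the function name, the allowlist and the sample bytes are assumptions.

```php
<?php
// Added example; stored_name_for_upload(), ALLOWED and the sample data are hypothetical.

const ALLOWED = [            // extension => image type the content must match
    'gif'  => IMAGETYPE_GIF,
    'png'  => IMAGETYPE_PNG,
    'jpg'  => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
];

/**
 * Returns the name to store the upload under, or null to reject it.
 */
function stored_name_for_upload(string $clientName, string $bytes): ?string
{
    // Use only the final extension, case-insensitively, and require it to be allowlisted.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // Header check: the content must parse as the type the extension claims.
    // This does not prove the rest of the file is free of PHP code.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info[2] !== ALLOWED[$ext]) {
        return null;
    }
    // Discard the client's name; the stored name has exactly one allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a GIF header describing a 1x1 image.
$gif = "GIF89a" . pack('v2', 1, 1) . "\x00\x00\x00";

// Constructed client filenames; the second is the pattern named in the thread.
foreach (['photo.gif', 'anything.anything.php', 'photo.GIF', 'photo.png', 'photo'] as $name) {
    $stored = stored_name_for_upload($name, $gif);
    printf("%-24s => %s\n", $name, $stored ?? 'rejected');
}
```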