Re: Images can execute php script?

Bastien Koert

On 2012-09-23, at 11:57 AM, "admin" <admin@xxxxxxxxxxxxxxxxxxx> wrote:

> Today I saw a hack into PHP that has rocked me to my foundation.
> I saw a picture uploaded onto a server using PHP, and when PHP displayed the
> image, phpinfo() was executed and displayed.
> 
> Does this problem exist in PHP 5.2.17 +?
> How do you stop it?
> 
> Sorry, I have never known of this before today.

JPGs can hold other data rather than image data.

One thing to try is to run strip_tags($image) to remove any PHP code.

http://stackoverflow.com/questions/3499173/my-php-site-was-hacked-by-codes-uploaded-as-image

http://josephkeeler.com/2009/04/php-upload-security-the-1x1-jpeg-hack/

Bastien
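
One way to handle such an upload so that embedded PHP is never executed, as an added example that is not part of the original message. The function names and the `UPLOAD_DIR` path are hypothetical, and the code assumes PHP 7 or later with the GD and fileinfo extensions.

```php
<?php
// Added example: hypothetical helper names and paths, not from the thread.

const UPLOAD_DIR = '/var/www/uploads-data'; // assumed location outside the document root

/**
 * Validate an uploaded JPEG, re-encode it, and store it under a server-chosen name.
 * Takes one entry of $_FILES; returns the stored file name or throws.
 */
function store_uploaded_jpeg(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // Check the content itself; the client-supplied name and MIME type are untrusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'image/jpeg') {
        throw new RuntimeException('not a JPEG');
    }

    // Decode and re-encode with GD: only pixel data is carried over, so comment
    // segments, EXIF fields and bytes appended after the image are dropped.
    $img = @imagecreatefromjpeg($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('cannot decode image');
    }

    // Server-generated name with a fixed extension; never reuse the client's name.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($img, UPLOAD_DIR . '/' . $name, 85)) {
        throw new RuntimeException('cannot write image');
    }
    return $name;
}

/** Send a stored image as bytes. readfile() never parses the file as PHP. */
function serve_jpeg(string $name): void
{
    // Accept only names in the format generated above (blocks path traversal).
    if (!preg_match('/\A[0-9a-f]{32}\.jpg\z/', $name)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff');
    readfile(UPLOAD_DIR . '/' . $name);
}
```

Re-encoding reduces what an uploaded file can carry; the control that matters most is that stored files are only ever read as bytes, never passed to `include`/`require`, and never saved under a name the web server hands to the PHP interpreter.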
