Bastien Koert

On 2012-09-23, at 11:57 AM, "admin" <admin@xxxxxxxxxxxxxxxxxxx> wrote:

> Today I saw a hack into php that has rocked me to my foundation.
> I saw a picture uploaded onto a server using php and when php displayed the
> image, phpinfo() was executed and displayed.
>
> Does this problem exist in PHP 5.2.17 +?
> How do you stop it?
>
> Sorry, I have never known of this before today.

Jpgs can hold other data rather than image data.

One thing to try is to run strip_tags($image) to remove any php code.

http://stackoverflow.com/questions/3499173/my-php-site-was-hacked-by-codes-uploaded-as-image
http://josephkeeler.com/2009/04/php-upload-security-the-1x1-jpeg-hack/

Bastien
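
One way to handle the kind of upload described in this thread, added here as an example and not written by either poster: decode the JPEG with GD and store a fresh encoding under a server-chosen name. The function name `store_jpeg_safely` and the sample input are assumptions made for the example; it needs the GD and fileinfo extensions and PHP 7 or later.

```php
<?php
/**
 * Re-encode an uploaded JPEG so that only decoded pixel data is stored,
 * and return the server-chosen file name. Throws if the bytes are not a
 * decodable JPEG. (Hypothetical helper, not from the thread.)
 */
function store_jpeg_safely(string $tmpPath, string $destDir): string
{
    // 1. Take the type from the file's bytes, never from the client-supplied
    //    file name or Content-Type header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== 'image/jpeg') {
        throw new RuntimeException('not a JPEG');
    }

    // 2. Decode to a pixel buffer; comments, EXIF fields and bytes after the
    //    end-of-image marker are not carried into it.
    $img = @imagecreatefromjpeg($tmpPath);
    if ($img === false) {
        throw new RuntimeException('JPEG does not decode');
    }

    // 3. Server-generated name with a fixed extension, so nothing the
    //    uploader typed decides how the web server treats the file.
    $name = bin2hex(random_bytes(16)) . '.jpg';

    // 4. Write a fresh encoding instead of moving the original bytes.
    if (!imagejpeg($img, $destDir . '/' . $name, 90)) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}

// Constructed sample input: a small valid JPEG with PHP text appended to it.
$tmp = tempnam(sys_get_temp_dir(), 'up');
imagejpeg(imagecreatetruecolor(8, 8), $tmp);
file_put_contents($tmp, '<?php phpinfo(); ?>', FILE_APPEND);

$name   = store_jpeg_safely($tmp, sys_get_temp_dir());
$stored = file_get_contents(sys_get_temp_dir() . '/' . $name);

// Report whether each copy contains a PHP open tag.
var_dump(strpos(file_get_contents($tmp), '<?php') !== false);
var_dump(strpos($stored, '<?php') !== false);
```

Re-encoding is one layer: the fixed `.jpg` name and an upload directory that the web server never hands to the PHP interpreter (and that application code never passes to `include`) are what keep a stored file from being executed.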