Block upload of executable images (PHP)
Posted by James Simpson on Stack Overflow
Published on 2010-05-17T19:07:46Z
Indexed on 2010/05/17 19:10 UTC
It has come to my attention that a user has been trying to create an exploit through avatar image uploads. This was discovered when a user reported to me that they were getting a notice from their Norton Anti-virus saying "HTTP Suspicious Executable Image Download." This warning was referencing the user's avatar image. I don't think they had actually achieved anything in the way of stealing information or anything like that, but I assume it could be possible if the hole is left open long enough. I use PHP to upload the image files, and I check if the file being uploaded is a png, jpg, or gif.
© Stack Overflow or respective owner
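
One way to check an avatar by its content rather than by its name or declared type, added here as an example and not taken from the original post. The function name store_avatar, the size and dimension limits, and the choice to re-encode every avatar as PNG are assumptions; it needs the GD and fileinfo extensions and PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helper, not code from the original post.

/**
 * Validate an uploaded avatar by content and re-encode it as PNG.
 * $upload is one entry of $_FILES. Returns the stored file name,
 * or null if the upload is rejected.
 */
function store_avatar(array $upload, string $destDir, int $maxBytes = 1048576): ?string
{
    // Accept only files PHP itself received through HTTP POST.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])
        || filesize($upload['tmp_name']) > $maxBytes) {
        return null;
    }

    // Identify the type from the bytes on disk. The client-supplied
    // file name and $upload['type'] are ignored because both can be forged.
    $allowed = ['image/png', 'image/jpeg', 'image/gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if (!in_array($mime, $allowed, true)) {
        return null;
    }

    // The header must parse as an image with sane dimensions (assumed limit).
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || $info[0] < 1 || $info[1] < 1
        || $info[0] > 2048 || $info[1] > 2048) {
        return null;
    }

    // Decode the pixels and write a fresh PNG. Trailing data, comments and
    // metadata in the uploaded file are not copied (GIF animation is lost too).
    $image = @imagecreatefromstring(file_get_contents($upload['tmp_name']));
    if ($image === false) {
        return null;
    }
    imagesavealpha($image, true); // keep transparency in the output

    // Server-generated name: no user input reaches the path or extension.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($image, rtrim($destDir, '/') . '/' . $name)) {
        return null;
    }
    return $name;
}
```

Only the re-encoded file is kept; the original upload in tmp_name is never moved into the web root. The destination directory should also be configured so the web server does not execute scripts from it.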