Block upload of executable images (PHP)

Posted by James Simpson on Stack Overflow See other posts from Stack Overflow or by James Simpson
Published on 2010-05-17T19:07:46Z Indexed on 2010/05/17 19:10 UTC
Read the original article Hit count: 175

Filed under:
|
|
|

It has come to my attention that a user has been trying to create an exploit through avatar image uploads. This was discovered when a user reported to me that they were getting a notice from their Norton Anti-virus saying "HTTP Suspicious Executable Image Download." This warning was referencing the user's avatar image. I don't think they had actually achieved anything in the way of stealing information or anything like that, but I assume it could be possible if the hole is left open long enough. I use PHP to upload the image files, and I check if the file being uploaded is a png, jpg, or gif.

© Stack Overflow or respective owner

Related posts about php

Related posts about image