mr_mind Posted August 2, 2008 Share Posted August 2, 2008 I am wondering if it is in any way possible to upload a php (or any other programming language) file with an image filetype and have it executed by the server. Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/ Share on other sites More sharing options...
LemonInflux Posted August 2, 2008 Share Posted August 2, 2008 Yes. Which is why you create an array of allowed file types, and only allow upload of files with an allowed extension. You can't mask a php file as an image *offline* though, so all you have to worry about are files called .php ---------------- Now playing: Linkin Park - Ppr:Kut (Cheapshot & Jubacca ft. Rasco & Planet Asia) via FoxyTunes Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/#findComment-606123 Share on other sites More sharing options...
mr_mind Posted August 2, 2008 Author Share Posted August 2, 2008 Alright i asked whether it would work if you gave it an image filetype, not a php filetype Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/#findComment-606124 Share on other sites More sharing options...
LemonInflux Posted August 2, 2008 Share Posted August 2, 2008 Alright i asked whether it would work if you gave it an image filetype, not a php filetype You can't mask a php file as an image *offline* though, so all you have to worry about are files called .php ---------------- Now playing: Linkin Park - Rnw@Y (Backyard Bangers ft. Phoenix Orion) via FoxyTunes Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/#findComment-606126 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.