mr_mind Posted August 2, 2008 Share Posted August 2, 2008 I am wondering if it is in any way possible to upload a php (or any other programming language) file with an image filetype and have it executed by the server. Quote Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/ Share on other sites More sharing options...
LemonInflux Posted August 2, 2008 Share Posted August 2, 2008 Yes. Which is why you create an array of allowed file types, and only allow upload of files with an allowed extension. You can't mask a php file as an image *offline* though, so all you have to worry about are files called .php ---------------- Now playing: Linkin Park - Ppr:Kut (Cheapshot & Jubacca ft. Rasco & Planet Asia) via FoxyTunes Quote Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/#findComment-606123 Share on other sites More sharing options...
mr_mind Posted August 2, 2008 Author Share Posted August 2, 2008 Alright i asked whether it would work if you gave it an image filetype, not a php filetype Quote Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/#findComment-606124 Share on other sites More sharing options...
LemonInflux Posted August 2, 2008 Share Posted August 2, 2008 Alright i asked whether it would work if you gave it an image filetype, not a php filetype You can't mask a php file as an image *offline* though, so all you have to worry about are files called .php ---------------- Now playing: Linkin Park - Rnw@Y (Backyard Bangers ft. Phoenix Orion) via FoxyTunes Quote Link to comment https://forums.phpfreaks.com/topic/117844-possible-security-vulnerability/#findComment-606126 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.