
Injecting PHP files


php_nub_qq


When you allow users to upload files, you should:

  • Verify the upload actually succeeded using the ['error'] index
  • Check if something was actually uploaded using is_uploaded_file
  • Move the uploaded file to a specified directory using move_uploaded_file
  • Rename the file md5(filename), chmod to 400 (only readable by owner) and DO NOT store it in a publicly accessible place
  • Use a download.php file to actually download the files and use file_get_contents/readfile to retrieve the content.
https://forums.phpfreaks.com/topic/277266-injecting-php-files/#findComment-1426402
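
The checklist above combined into one upload handler and one download handler, added here as an example and not code from the post. `UPLOAD_DIR`, the form field `userfile`, the query parameter `id` and the two function names are assumptions.

```php
<?php
// Added example. Assumed names: UPLOAD_DIR, form field "userfile", query parameter "id".
const UPLOAD_DIR = '/var/app-data/uploads'; // assumed path, outside the web root

// Upload side: returns the stored id, or null if the upload is rejected.
function store_upload(array $file): ?string
{
    // The upload must have completed without error, and the temp file must
    // really come from this request's HTTP POST upload.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Stored name is md5(filename): no extension, no client-chosen characters.
    // Note: two uploads with the same original name map to the same id.
    $id = md5($file['name']);
    $target = UPLOAD_DIR . '/' . $id;
    // Move into the non-public directory.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    // Readable by owner only, never writable or executable.
    chmod($target, 0400);
    return $id;
}

// Download side (download.php): stream a stored file by id instead of linking to it.
function send_download(string $id): bool
{
    // Accept only a 32-character hex id, so the request cannot name any other path.
    $path = UPLOAD_DIR . '/' . $id;
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id) || !is_file($path)) {
        return false;
    }
    // Always served as an opaque attachment, so the content is never interpreted.
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $id . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    return readfile($path) !== false;
}

// Wiring, as it would appear in upload.php and download.php.
if (isset($_FILES['userfile'])) {
    $id = store_upload($_FILES['userfile']);
    echo $id === null ? 'Upload rejected' : 'Stored as ' . $id;
} elseif (isset($_GET['id']) && !(is_string($_GET['id']) && send_download($_GET['id']))) {
    http_response_code(404);
}
```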

Archived

This topic is now archived and is closed to further replies.
