Wolphie Posted October 31, 2007 Share Posted October 31, 2007 I've been hearing alot about PHP injections in images. I was wondering if there was a way to prevent it. e.g. reading the image and searching for specific tags such as <? etc.. Is this possible? Quote Link to comment https://forums.phpfreaks.com/topic/75458-preventing-image-php-injections/ Share on other sites More sharing options...
btherl Posted October 31, 2007 Share Posted October 31, 2007 Where have you been hearing about php image injection? If you can give me a source then I can help you. Quote Link to comment https://forums.phpfreaks.com/topic/75458-preventing-image-php-injections/#findComment-381728 Share on other sites More sharing options...
Wolphie Posted October 31, 2007 Author Share Posted October 31, 2007 Here is a video demonstration on how it's embedded, used and executed. http://str0ke213.tradebit.com/pub/8/57.swf Quote Link to comment https://forums.phpfreaks.com/topic/75458-preventing-image-php-injections/#findComment-381730 Share on other sites More sharing options...
stuffradio Posted October 31, 2007 Share Posted October 31, 2007 wow that's interesting Quote Link to comment https://forums.phpfreaks.com/topic/75458-preventing-image-php-injections/#findComment-381733 Share on other sites More sharing options...
btherl Posted October 31, 2007 Share Posted October 31, 2007 Oh .. it looks like an error in the forum software that allows that to happen. The forum software allows you to include arbitrary files on the server by setting the "page" variable. So if you can upload an image, supposedly your avatar, but which happens to include php code as well, then you can get the forum to include your image as a "page". The underlying problem is that the forum software allows you to include arbitrary files. If you fix that, then it doesn't matter what images your users upload. How to fix it (or if you need to fix it) depends on your particular forum software.. Quote Link to comment https://forums.phpfreaks.com/topic/75458-preventing-image-php-injections/#findComment-381734 Share on other sites More sharing options...
Wolphie Posted October 31, 2007 Author Share Posted October 31, 2007 Ah alright buddy, i wasn't sure if it was JUST forum software alone. (I was referring to images in general) I'm creating an image hosting service. So i was trying to make it secure as possible http://www.imgpond.phux-development.com/ Quote Link to comment https://forums.phpfreaks.com/topic/75458-preventing-image-php-injections/#findComment-381737 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.