Preventing Image PHP Injections

Wolphie · October 31, 2007

I've been hearing alot about PHP injections in images.

I was wondering if there was a way to prevent it.

e.g. reading the image and searching for specific tags such as <?

etc..

Is this possible?

btherl · October 31, 2007

Where have you been hearing about php image injection? If you can give me a source then I can help you.

Wolphie · October 31, 2007

Here is a video demonstration on how it's embedded, used and executed.

http://str0ke213.tradebit.com/pub/8/57.swf

stuffradio · October 31, 2007

wow that's interesting

btherl · October 31, 2007

Oh .. it looks like an error in the forum software that allows that to happen. The forum software allows you to include arbitrary files on the server by setting the "page" variable. So if you can upload an image, supposedly your avatar, but which happens to include php code as well, then you can get the forum to include your image as a "page".

The underlying problem is that the forum software allows you to include arbitrary files. If you fix that, then it doesn't matter what images your users upload. How to fix it (or if you need to fix it) depends on your particular forum software..

Wolphie · October 31, 2007

Ah alright buddy, i wasn't sure if it was JUST forum software alone. (I was referring to images in general)

I'm creating an image hosting service. So i was trying to make it secure as possible

http://www.imgpond.phux-development.com/

Sign In

Preventing Image PHP Injections

Recommended Posts

Wolphie

Link to comment

Share on other sites

btherl

Link to comment

Share on other sites

Wolphie

Link to comment

Share on other sites

stuffradio

Link to comment

Share on other sites

btherl

Link to comment

Share on other sites

Wolphie

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information