Preventing Image PHP Injections

[Wolphie]

I've been hearing alot about PHP injections in images.

 

I was wondering if there was a way to prevent it.

 

e.g. reading the image and searching for specific tags such as <?

etc..

 

Is this possible?

[btherl]

Where have you been hearing about php image injection?  If you can give me a source then I can help you.

[Wolphie]

Here is a video demonstration on how it's embedded, used and executed.

http://str0ke213.tradebit.com/pub/8/57.swf

[stuffradio]

wow that's interesting

[btherl]

Oh .. it looks like an error in the forum software that allows that to happen.  The forum software allows you to include arbitrary files on the server by setting the "page" variable.  So if you can upload an image, supposedly your avatar, but which happens to include php code as well, then you can get the forum to include your image as a "page".

 

The underlying problem is that the forum software allows you to include arbitrary files.  If you fix that, then it doesn't matter what images your users upload. How to fix it (or if you need to fix it) depends on your particular forum software..

[Wolphie]

Ah alright buddy, i wasn't sure if it was JUST forum software alone. (I was referring to images in general)

I'm creating an image hosting service. So i was trying to make it secure as possible

 

http://www.imgpond.phux-development.com/