PHP Classes

GIF image Exploit

Subject:GIF image Exploit
Summary:Simple Solution
Messages:3
Author:Loki_
Date:2007-06-20 05:35:43
Update:2007-06-20 09:55:14
 

  1. GIF image Exploit
Loki_ - 2007-06-20 05:50:29
One of the easiest ways to prevent this is to add an .htaccess file to all upload directories. In the .htaccess file, paste this code:

Order allow,deny
allow from all

<FilesMatch "\.php$">
deny from all
</FilesMatch>

This will prevent any PHP extensions from being uploaded and allow the standard image files.


  2. Re: GIF image Exploit
Manuel Lemos - 2007-06-20 05:56:53 - In reply to message 1 from Loki_
Right, that may as well do if the Web server will only execute PHP scripts when they have the .php extension.

I am sure there are still some servers that are configured to treat .php3 as PHP scripts. In that case the regular expression may be adjusted to "\.(php|php3)$".

  3. Re: GIF image Exploit
srt - 2007-06-20 09:55:14 - In reply to message 2 from Manuel Lemos
Hi.
What do you think about this code in an .htaccess file in the upload directory:

RemoveType php
<IfModule mod_php4.c>
php_flag engine 0
</IfModule>
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
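
An added example, not part of the thread: a Python script that audits upload directories for the protections discussed in messages 1 to 3, reporting a missing .htaccess or a deny rule that leaves one of the mentioned extensions uncovered. The function names and the sample tree are constructed for illustration, and it assumes Python's `re` reads these simple patterns the same way Apache does.

```python
import os
import re
import tempfile

PHP_NAMES = ("x.php", "x.php3")  # stand-ins for the extensions named in the thread
FILESMATCH = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.I | re.S)
DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\s*$", re.I | re.M)
ENGINE_OFF = re.compile(r"^\s*php_flag\s+engine\s+(0|off)\s*$", re.I | re.M)


def uncovered_names(text):
    """Sample names that no deny-all FilesMatch block in `text` matches."""
    denied = [re.compile(pat) for pat, body in FILESMATCH.findall(text)
              if DENY_ALL.search(body)]
    return [n for n in PHP_NAMES if not any(rx.search(n) for rx in denied)]


def audit(upload_dirs):
    """Return {directory: 'ok' or a finding} for each upload directory."""
    report = {}
    for d in upload_dirs:
        path = os.path.join(d, ".htaccess")
        if not os.path.isfile(path):
            report[d] = "missing .htaccess"
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        # Assumption: an engine-off line counts even when wrapped in <IfModule>.
        gaps = [] if ENGINE_OFF.search(text) else uncovered_names(text)
        report[d] = "ok" if not gaps else "not denied: " + ", ".join(gaps)
    return report


def demo():
    """Audit a constructed tree holding the three variants from the thread."""
    samples = {  # constructed sample files, one per message plus an unprotected dir
        "msg1": 'Order allow,deny\nallow from all\n<FilesMatch "\\.php$">\ndeny from all\n</FilesMatch>\n',
        "msg2": 'Order allow,deny\nallow from all\n<FilesMatch "\\.(php|php3)$">\ndeny from all\n</FilesMatch>\n',
        "msg3": "RemoveType php\n<IfModule mod_php5.c>\nphp_flag engine 0\n</IfModule>\n",
        "bare": None,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            os.mkdir(os.path.join(root, name))
            if body is not None:
                with open(os.path.join(root, name, ".htaccess"), "w") as fh:
                    fh.write(body)
        found = audit([os.path.join(root, n) for n in samples])
        return {os.path.basename(d): v for d, v in found.items()}
```

The script only reads the files; whether Apache honors them depends on the server's AllowOverride setting for those directories.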