1. GIF image Exploit

Loki_ | 2007-06-20 05:50:29
One of the easiest ways to prevent this is to add an .htaccess file to all upload directories. In the .htaccess file, paste this code:
Order allow,deny
allow from all
<FilesMatch "\.php$">
deny from all
</FilesMatch>
This will prevent any PHP extensions from being uploaded and allow the standard image files.

2. Re: GIF image Exploit

Manuel Lemos | 2007-06-20 05:56:53 - In reply to message 1 from Loki_
Right, that may as well do if the Web server will only execute PHP scripts when they have a .php extension.
I am sure there are still some servers that are configured to treat .php3 as PHP scripts. In that case the regular expression may be adjusted to "\.(php|php3)$".

3. Re: GIF image Exploit

srt | 2007-06-20 09:55:14 - In reply to message 2 from Manuel Lemos
Hi.
What do you think about this code in an .htaccess file in the upload directory:
RemoveType php
<IfModule mod_php4.c>
php_flag engine 0
</IfModule>
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
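
An added example, not part of any post in this thread: a Python check that reads each upload directory's .htaccess and reports which PHP extensions are neither denied by a FilesMatch rule (messages 1 and 2) nor switched off with php_flag engine (message 3). The function names, the extension list and the sample rule texts are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the extensions this server hands to PHP (the thread names both).
PHP_EXTENSIONS = (".php", ".php3")

FILESMATCH = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.I | re.S)
DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\s*$", re.I | re.M)
# Assumption: PHP runs as an Apache module that honours php_flag.
ENGINE_OFF = re.compile(r"^\s*php_flag\s+engine\s+(0|off)\s*$", re.I | re.M)


def uncovered_extensions(htaccess_text, extensions=PHP_EXTENSIONS):
    """Return the PHP extensions this .htaccess text neither denies nor disables."""
    if ENGINE_OFF.search(htaccess_text):
        return []
    # Python's re stands in for Apache's PCRE; fine for simple suffix patterns.
    denied = [re.compile(pattern)
              for pattern, body in FILESMATCH.findall(htaccess_text)
              if DENY_ALL.search(body)]
    return [ext for ext in extensions
            if not any(rx.search("upload" + ext) for rx in denied)]


def audit_upload_dirs(dirs, extensions=PHP_EXTENSIONS):
    """Map each directory to its uncovered extensions; no .htaccess covers none."""
    report = {}
    for d in dirs:
        try:
            with open(os.path.join(d, ".htaccess"), encoding="utf-8") as fh:
                text = fh.read()
        except FileNotFoundError:
            text = ""
        report[d] = uncovered_extensions(text, extensions)
    return report


# Constructed samples mirroring the rules posted in messages 1 to 3.
MSG1 = 'Order allow,deny\nallow from all\n<FilesMatch "\\.php$">\ndeny from all\n</FilesMatch>\n'
MSG2 = MSG1.replace("\\.php$", "\\.(php|php3)$")
MSG3 = "RemoveType php\n<IfModule mod_php5.c>\nphp_flag engine 0\n</IfModule>\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("msg1", MSG1), ("msg2", MSG2), ("msg3", MSG3), ("bare", None)):
            os.mkdir(os.path.join(root, name))
            if text is not None:
                with open(os.path.join(root, name, ".htaccess"), "w") as fh:
                    fh.write(text)
        for d, gaps in audit_upload_dirs(sorted(os.path.join(root, n) for n in os.listdir(root))).items():
            print(os.path.basename(d), gaps or "covered")
```

The check only reads the rule text; whether Apache applies it still depends on AllowOverride permitting .htaccess in that directory.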