I know that only checking the file extension is not enough to make sure the file that was uploaded is really that type of file. But if uploaded files were handled according to their extension, would that still make an attack possible?
A user uploads a .jpg/.gif/.png file full of valid PHP code. But because these are supposed to be images, I only call them using src="". Would that still leave holes uncovered?
Thanks for the great post!
2007-06-20 09:59:04 - In reply to message 1 from ed
All depends on how you serve the images. If you just use a URL that makes the Web server serve the images as images because the extension is correct, there is no problem.
The problem occurs when you preserve the original file name and that is .php or equivalent.
Also, you should avoid serving images from PHP scripts using require or include.
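
The two points in the reply above (do not keep the uploader's file name, and do not pull images in with require or include) can be sketched as follows. This is an added example, not code from the thread or its participants; `UPLOAD_DIR`, `store_uploaded_image()` and `serve_image()` are hypothetical names, and the directory is assumed to be one from which the Web server does not execute scripts.

```php
<?php
// Added example: UPLOAD_DIR and both function names are assumptions.
const UPLOAD_DIR = '/var/www/uploads';

// Allowlist: detected MIME type => extension assigned by the server.
const IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Store an upload under a server-generated name. The client-supplied
// $file['name'] is never used, so a ".php" name cannot reach the disk.
function store_uploaded_image(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the content, not from the submitted name or header.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!array_key_exists($mime, IMAGE_TYPES)) {
        throw new RuntimeException('Not an accepted image type');
    }
    $name = bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Serve a stored image as raw bytes. readfile() copies the file to the
// output without parsing it; include/require would run PHP code inside it.
function serve_image(string $name): void
{
    // Accept only names in the format store_uploaded_image() generates.
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|png|gif)$/', $name)
        || !is_file(UPLOAD_DIR . '/' . $name)) {
        http_response_code(404);
        return;
    }
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    header('Content-Type: ' . array_search($ext, IMAGE_TYPES, true));
    header('X-Content-Type-Options: nosniff');
    readfile(UPLOAD_DIR . '/' . $name);
}
```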