PHP Classes

PHP security exploit with GIF images

Recommend this page to a friend!

      PHP Classes blog  >  PHP security exploit ...  >  All threads  >  PHP security exploit with GIF images  >  (Un) Subscribe thread alerts  
Subject:PHP security exploit with GIF images
Summary:The security problems are rarely come from the PHP itself
Messages:1
Author:Yin Kok Chong
Date:2007-06-24 10:34:21
Update:2007-06-24 21:41:41
 

  1. PHP security exploit with GIF images   Reply   Report abuse  
Picture of Yin Kok Chong Yin Kok Chong - 2007-06-24 21:41:41
After reading some articles about this security issue. I had tried out and tested it by myself. And I found that the PHP-function getimagesize() had failed in validating the "crafted GIF image"(i.e. the Gif that embeded PHP codes).

This may cause the serious security problems to those web systems which only depend on getimagesize() for validating the images. Anyway, such problem shouldn't be an issue, when we accept only those images with valid extensions to be uploaded.

Generally, the security problems are rarely come from the PHP Language itself, but it depends on how the coders writing their codes!

From Yinkc
devland.webstrait.com/?p=7