Login   Register  
PHP Classes
elePHPant
Icontem

PHP security exploit with GIF images

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      PHP Classes blog  >  PHP security exploit ...  >  All threads  >  PHP security exploit with GIF images  >  (Un) Subscribe thread alerts  
Subject:PHP security exploit with GIF images
Summary:The security problems are rarely come from the PHP itself
Messages:1
Author:Yin Kok Chong
Date:2007-06-24 10:34:21
Update:2007-06-24 21:41:41
 

  1. PHP security exploit with GIF images   Reply  
Picture of Yin Kok Chong
Yin Kok Chong
2007-06-24 21:41:41
After reading some articles about this security issue. I had tried out and tested it by myself. And I found that the PHP-function getimagesize() had failed in validating the "crafted GIF image"(i.e. the Gif that embeded PHP codes).

This may cause the serious security problems to those web systems which only depend on getimagesize() for validating the images. Anyway, such problem shouldn't be an issue, when we accept only those images with valid extensions to be uploaded.

Generally, the security problems are rarely come from the PHP Language itself, but it depends on how the coders writing their codes!

From Yinkc
http://devland.webstrait.com/?p=7