OK, but that issue would only occur if you DO NOT check the file extension before uploading it to the server, which is what you were doing: you were uploading it and then validating it afterwards. Obviously I would not suggest anyone does that; you should definitely check the file extension before you upload anything to the server and not accept any type of file which can be executed.
On Sun, Jun 16, 2013 at 4:21 PM, Raymond Camden <[email protected]> wrote:

> On Sun, Jun 16, 2013 at 9:45 AM, Russ Michaels <[email protected]> wrote:
>
> > if you're only dealing with images and are stopping all other file types
> > being uploaded then what is the issue with allowing them to be uploaded to
> > the website?
>
> Check out what happened to me.
>
> http://www.raymondcamden.com/index.cfm/2009/9/21/How-Galleon-was-Hacked
>
> I thought I was secure since I was - literally - in the next line of CFML
> checking the extensions and deleting - but someone was able to abuse this
> via a script.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355947
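The order of operations discussed in this thread, sketched as an added example (not code from either poster or from Galleon): the upload lands in a directory outside the web root, is checked there, and only then is moved under a server-chosen name into the served folder. The form field `photo`, the `/uploads/images` path and the extension allowlist are assumptions.

```cfml
<!--- Added example. Field name, target path and allowlist are assumptions. --->
<cfset allowedExt = "jpg,jpeg,png,gif">
<cfset stagingDir = getTempDirectory()>            <!--- outside the web root, never served --->
<cfset publicDir  = expandPath("/uploads/images")> <!--- hypothetical web-served folder --->

<cfif structKeyExists(form, "photo") and len(form.photo)>
    <!--- 1. Land the upload in the staging directory only. Nothing here is
             reachable by URL, so there is no window in which a script file
             sits in a served folder waiting to be requested. --->
    <cffile action="upload" filefield="photo" destination="#stagingDir#"
            nameconflict="makeunique" result="up">
    <cfset stagedPath = up.serverDirectory & "/" & up.serverFile>
    <cfset ext = lCase(up.serverFileExt)>

    <cftry>
        <!--- 2. Allowlist the extension, then confirm the content really
                 parses as an image. --->
        <cfif not listFind(allowedExt, ext) or not isImageFile(stagedPath)>
            <cfthrow type="Upload.Rejected" message="File type not allowed.">
        </cfif>

        <!--- 3. Publish under a name the server chooses, so the client
                 controls neither the file name nor the final extension. --->
        <cfset finalName = createUUID() & "." & ext>
        <cffile action="move" source="#stagedPath#"
                destination="#publicDir#/#finalName#">

        <cfcatch type="any">
            <!--- Rejected or failed: remove the staged copy, then re-raise. --->
            <cfif fileExists(stagedPath)>
                <cffile action="delete" file="#stagedPath#">
            </cfif>
            <cfrethrow>
        </cfcatch>
    </cftry>
</cfif>
```

Configuring the served upload folder so the web server never executes files from it is a second, independent layer on top of this ordering.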

