What's with all this checking of mime types, etc? As long as you check that
it doesn't have .php at the end of it's filename then you're fine. Unless
you have PHP set to run on every filetype or something strange. Isn't it
obvious not to allow anything.anything.php as an upload?
- Dan
"Tijnema" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Hi all,
Just received a mail from phpclasses, which pointed to this very
interesting article[1]. Seems good to know for starters ;)
The experts around here probably already know this way of exploits.
Tijnema
[1]
http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
