Revenue Source

PHPClasses.org: PHP security exploit with GIF images
Affiliate Blogs
PHPClasses.org: PHP security exploit with GIF images - 06-20-2007

On the PHPClasses site today, there's a new post that points out an issue that could happen with dynamic GIF creation in a PHP script leading to a security exploit.
Manuel Lemos writes:
The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it was not for the insecure ways some developers use to serve images uploaded by their users. Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserves the original file name, the site may be open for security exploits.
The problem comes when a user decides to upload an "image" file that's actually a PHP script (ending in PHP even) to the remote system. When this is outputted, it's placed inside the image tag and executed with each page load. Manuel offers a suggestion to prevent the issue - protecting the images directory and using readfile to grab the contents of the file to output rather than just a straight echo.


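An added example, not part of the original post or of Manuel Lemos's article: one way to apply the mitigation described above, by keeping uploads in a protected directory under a server-generated name and streaming them with readfile(). The storage path, the `image` form field and the `id` query parameter are assumptions made for illustration.

```php
<?php
// Added example. STORE_DIR, the 'image' field and the 'id' parameter are assumptions.
const STORE_DIR = '/var/app-data/uploads';   // assumed to sit outside the document root
const TYPES = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

// Store an upload under a server-generated name; the client's file name is never used.
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Sniff the type from the bytes, not from $file['type'] or the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(TYPES[$mime])) {
        throw new RuntimeException('not an accepted image type');
    }
    // A GIF with PHP embedded in it still passes the check above, so the
    // stored name must never end in an extension the server would execute.
    $id = bin2hex(random_bytes(16)) . '.' . TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $id)) {
        throw new RuntimeException('could not store file');
    }
    return $id;
}

// Stream a stored image as raw bytes; readfile() never interprets them as PHP.
function serve_image(string $id): void
{
    // Accept only names this script generated, which also rules out path traversal.
    if (!preg_match('/\A[0-9a-f]{32}\.(gif|jpg|png)\z/', $id)
        || !is_file(STORE_DIR . '/' . $id)) {
        http_response_code(404);
        return;
    }
    $path = STORE_DIR . '/' . $id;
    header('Content-Type: ' . array_search(pathinfo($id, PATHINFO_EXTENSION), TYPES, true));
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

if (isset($_FILES['image'])) {
    echo store_upload($_FILES['image']);
} elseif (isset($_GET['id']) && is_string($_GET['id'])) {
    serve_image($_GET['id']);
}
```

Because the content check alone cannot reject a valid GIF that carries PHP text, the protection here comes from the generated file name and from the directory never being served or executed directly.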