Re: [PHP] Check RAW data

2008-04-22 Thread rb
Malicious code can still be embedded in images. The vulnerabilities ISTR are in Windows image handling libraries. I assume they've been fixed now though because it was some time ago. But that doesn't mean to say more won't be found.
Could you suggest a good piece of code to check the PNG

Re: [PHP] Check RAW data

2008-04-21 Thread Nitsan Bin-Nun
On IE 5.5 and 6.x you can inject JS through PNGs. As I remember, they patched it at 7.x.
On 20/04/2008, Richard Heyes [EMAIL PROTECTED] wrote: I mean, if you already specified it as a PNG image with header(), how do you execute Javascript/malicious code, as the browser will render it as a

[PHP] Check RAW data

2008-04-20 Thread rb
I'm getting from an external source a PNG image in raw format (encoded in base64). And with this code I'll echo on the screen.
--
$img=base64_decode($_POST['img']);
header('Content-type: image/png');
echo $img;
--
How can I check if the data received is a real PNG raw (and not

Re: [PHP] Check RAW data

2008-04-20 Thread Jason Norwood-Young
On Sun, 2008-04-20 at 15:52 +0200, rb wrote: I'm getting from an external source a PNG image in raw format (encoded in base64). And with this code I'll echo on the screen.
--
$img=base64_decode($_POST['img']);
header('Content-type: image/png');
echo $img;
--
A quick way would

Re: [PHP] Check RAW data

2008-04-20 Thread Regular email
On Sun, 2008-04-20 at 15:52 +0200, rb wrote: I'm getting from an external source a PNG image in raw format (encoded in base64). And with this code I'll echo on the screen.
--
$img=base64_decode($_POST['img']);
header('Content-type: image/png');
echo $img;
--
A quick way would be to

Re: [PHP] Check RAW data

2008-04-20 Thread Richard Heyes
I don't believe malicious code can be executed with echo and header.
The header of the PNG file, not an HTTP header.
-- Richard Heyes
Access SSH with a Windows mapped drive: http://www.phpguru.org/sftpdrive

Re: [PHP] Check RAW data

2008-04-20 Thread Richard Heyes
I mean, if you already specified it as a PNG image with header(), how do you execute Javascript/malicious code, as the browser will render it as a PNG? Malicious code can still be embedded in images. The vulnerabilities ISTR are in Windows image handling libraries. I assume they've been fixed