Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-21 Thread tedd
At 9:27 PM +0200 6/20/07, Tijnema wrote: On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: If you are worried about evil code being in the image, you could always resample the image (larger or smaller). Not that I have personal experience, but I would think that any piece of code that is resampled is

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Robert Cummings
On Wed, 2007-06-20 at 15:12 -0400, Daniel Brown wrote:
> On 6/20/07, tedd <[EMAIL PROTECTED]> wrote:
> > At 12:53 PM -0400 6/20/07, Daniel Brown wrote:
> > >
> > >No, not the upload and execution, per se, but rather using images
> > >to contain processable PHP code.
> > >
> > >--
> > >Daniel P.

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Tijnema
On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: At 2:32 PM -0400 6/20/07, Guillaume Theoret wrote: >Thanks for the link. > >I got worried for a second that my code could be exploited so I did a >quick check to make sure that mime-types were correct. (I check the >mime type to make sure it's an image,

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread tedd
At 2:32 PM -0400 6/20/07, Guillaume Theoret wrote: Thanks for the link. I got worried for a second that my code could be exploited so I did a quick check to make sure that mime-types were correct. (I check the mime type to make sure it's an image, not the file extension.) I renamed a .jpg file .

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Daniel Brown
On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: At 12:53 PM -0400 6/20/07, Daniel Brown wrote: > >No, not the upload and execution, per se, but rather using images >to contain processable PHP code. > >-- >Daniel P. Brown Daniel: Wow! Now that's something I would like to see -- you do have a de

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread tedd
At 12:53 PM -0400 6/20/07, Daniel Brown wrote: No, not the upload and execution, per se, but rather using images to contain processable PHP code. -- Daniel P. Brown Daniel: Wow! Now that's something I would like to see -- you do have a demo? As far as "legitimate reasons", how about ima

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Guillaume Theoret
Thanks for the link. I got worried for a second that my code could be exploited so I did a quick check to make sure that mime-types were correct. (I check the mime type to make sure it's an image, not the file extension.) I renamed a .jpg file .jpg.php and uploaded it and got application/x-php as

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Daniel Brown
On 6/20/07, Jochem Maas <[EMAIL PROTECTED]> wrote:
Daniel Brown wrote:
> On 6/20/07, Tijnema <[EMAIL PROTECTED]> wrote:
>> Hi all,
>>
>> Just received a mail from phpclasses, which pointed to this very
>> interesting article[1]. Seems good to know for starters ;)
>> The experts around here probab

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Jochem Maas
Daniel Brown wrote:
> On 6/20/07, Tijnema <[EMAIL PROTECTED]> wrote:
>> Hi all,
>>
>> Just received a mail from phpclasses, which pointed to this very
>> interesting article[1]. Seems good to know for starters ;)
>> The experts around here probably already know this way of exploits.
>>
>> Tijnema
>

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Daniel Brown
On 6/20/07, Tijnema <[EMAIL PROTECTED]> wrote: Hi all, Just received a mail from phpclasses, which pointed to this very interesting article[1]. Seems good to know for starters ;) The experts around here probably already know this way of exploits. Tijnema [1] http://www.phpclasses.org/blog/pos

[PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Tijnema
Hi all, Just received a mail from phpclasses, which pointed to this very interesting article[1]. Seems good to know for starters ;) The experts around here probably already know this way of exploits. Tijnema [1] http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html