PHP-Exploit?

 
cmxflash
Joined: 11 Dec 2004
Posts: 872

Posted: Sun Dec 25, 2005 4:47 am    Post subject: PHP-Exploit?

Hmm, is this some sort of PHP-bug/exploit? I mean, the webserver shouldn't execute the PHP-code since it is inside of a JPG-file? The only thing I can say about this is that it works; a friend got his server hacked.

Last edited by cmxflash on Sun Jan 15, 2006 7:04 pm; edited 1 time in total
TRUSTAbyss
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Sun Dec 25, 2005 5:19 am    Post subject:

This can only happen if the extension "JPG" works with the PHP interpreter, so
I don't think you can exploit this without first setting JPG as a PHP extension...

Quote:
File extensions

Some secure servers might prefer looking at the file extension of the file you upload instead of the MIME type. This is something we cannot do so much about, although there is one possibility. If the server is configured to execute PHP code in all files, not just .PHP or anything like that, then you can upload files with the .jpg extension and execute PHP code inside of them. Elsewise, if the server is configured to only execute PHP code in files with the .PHP extension, you will have to change the extension of your JPEG file to ".PHP" and then upload it with the JPEG MIME type which we talked about earlier.


You would be an idiot to allow .php scripts to be uploaded. :-)

Happy Holidays! :-)


Last edited by TRUSTAbyss on Wed Dec 28, 2005 8:49 am; edited 6 times in total
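
A defensive counterpart to the quoted passage, as an added example that is not part of the original thread: an upload handler that trusts neither the client-supplied MIME type nor the file extension. The function name, the `UPLOAD_DIR` path, the `image` form field and the use of the GD extension are assumptions.

```php
<?php
// Hypothetical storage directory, kept outside the document root so that
// nothing stored here can be requested by URL and handed to the PHP interpreter.
const UPLOAD_DIR = '/var/data/uploads';

// Content type detected from the file's bytes => extension chosen by the server.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // $file['type'] and $file['name'] come from the client and are ignored:
    // both the MIME type and the extension can be set to anything.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('not an accepted image type');
    }

    // Decode and re-encode with GD: comments, EXIF fields and trailing bytes
    // of the original file are not carried over into the stored copy.
    $bytes = file_get_contents($file['tmp_name']);
    $img = $bytes === false ? false : @imagecreatefromstring($bytes);
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // Server-generated name with a server-chosen extension, never ".php".
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    $ok = $mime === 'image/png'
        ? imagepng($img, $dest)
        : imagejpeg($img, $dest, 90);
    if (!$ok) {
        throw new RuntimeException('could not store image');
    }
    return $name;
}

// Example call from the form handler (field name "image" is an assumption):
// $stored = store_image_upload($_FILES['image']);
```

This covers both cases in the quote: a `.php` file sent with a JPEG MIME type is rejected or renamed by content, and the stored file sits where the server's extension-to-interpreter mapping does not apply.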