The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it was not for the insecure ways some developers use to serve images uploaded by their users. Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserves the original file name, the site may be open for security exploits.
More here [phpclasses.org].
If it's not one thing it's another ;) Interesting little article.
Hab
How do we avoid this at a script level, where the script might be executed by an end user on any given server?
My suggestions:
a) Load the image with GD, and then output it with imagegif() - this should remove all the <?php?> codes cleanly.
b) When moving images to a directory, strip out any dots apart from before the terminal .gif. Careful about multibyte character exploits...
c) Add <?php die('Your server sucks');?> to every .gif image before you make it available. People with insecure servers will find out soon enough.
d) Always rename images by serial number and cross-reference to file names only in a database record
..?
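
Suggestions (a) and (d) from the post above combined in one routine, as an added example that is not code from the thread or the linked article. The function name, the temp-directory paths and the serial number 1001 are assumptions, and the GD extension must be loaded.

```php
<?php
// Added example. store_gif_reencoded() and its parameters are hypothetical names.

function store_gif_reencoded(string $srcPath, string $destDir, int $serial): string
{
    // Decide by file content, never by the client-supplied name or MIME type.
    $info = @getimagesize($srcPath);
    if ($info === false || $info[2] !== IMAGETYPE_GIF) {
        throw new RuntimeException('not a GIF image');
    }

    // (a) Decode and re-encode: only the image GD decoded is written out,
    // so bytes that are not part of that image are left behind.
    $img = @imagecreatefromgif($srcPath);
    if ($img === false) {
        throw new RuntimeException('GD could not decode the image');
    }

    // (d) Server-chosen name: a serial number (for example the id of the
    // database row that keeps the original file name) plus a fixed extension.
    // The user's file name never reaches the filesystem.
    $dest = rtrim($destDir, '/') . '/' . $serial . '.gif';
    if (!imagegif($img, $dest)) {
        throw new RuntimeException('could not write ' . $dest);
    }
    return $dest;
}

// Constructed sample input: a 1x1 GIF with the marker string from suggestion (c)
// appended, saved under a user-style name that contains an extra dot.
$dir    = sys_get_temp_dir();
$upload = $dir . '/avatar.php.gif';
$pixel  = imagecreate(1, 1);
imagecolorallocate($pixel, 255, 255, 255);
imagegif($pixel, $upload);
file_put_contents($upload, "<?php die('Your server sucks');?>", FILE_APPEND);

$stored = store_gif_reencoded($upload, $dir, 1001);

// Stored name, then whether the PHP open tag is present before and after.
var_dump(basename($stored));
var_dump(strpos(file_get_contents($upload), '<?php') !== false);
var_dump(strpos(file_get_contents($stored), '<?php') !== false);
```

Re-encoding should not be the only control: the fixed `.gif` name chosen by the server, in a directory where PHP execution is disabled, is what keeps an uploaded file from being handed to the interpreter.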