WEBSITE: betterphp.co.uk In this video I mention a very common security issue with file uploads and tell you about a secure way to prevent bad files from being uploaded. To give an idea of how common this problem is: if you google “free image hosting”, 3 of the sites on the first 4 pages have this issue!
Video Rating: 4 / 5
vulturinegears says
Yeah, your tut’s are great man. SO glad I found you! <3
betterphp says
Why would the name of an image ever go into a script tag ?
rudxai says
True, but it’s still dangerous. Consider the following code in a simple HTML page (probably XSS-vulnerable) where you include a JavaScript link:
`<script src="test.png"></script>`
where test.png is actually test.js renamed (with a simple alert(); inside).
The script will run.
betterphp says
The server would not process a .png file as a .php file though.
rudxai says
The code is still vulnerable. I could just rename my bad upload with an ‘allowed’ extension and upload it without a problem.
What you should really check is the mime data inside the file to figure out if it’s actually an image.
ProudByte says
I like your videos but, please, for god’s sake stop saying “ham”! I’m hungry, man!
jupitershanestap says
@betterphp yup, you’re right.
betterphp says
No, you shouldn’t, because the move_uploaded_file function does this check. That function you mention should only be used if you want to read the temp file directly.
jupitershanestap says
You should also check if the file stored in the tmp folder was actually uploaded, using is_uploaded_file.
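Putting rudxai’s content check and the move_uploaded_file / is_uploaded_file point together, here is an added example of a PHP upload handler that accepts a file only if its bytes are an image (example code, not the video’s own script). It assumes a form field named "image" and a writable upload directory outside the web root; both are assumptions.

```php
<?php
// Added example (not from the video): validate an upload by content, not by name.
// Assumes $_FILES['image'] from a form field named "image" and a writable $destDir
// outside the web root; both names are assumptions.

function storeUploadedImage(array $file, string $destDir): ?string
{
    // Only proceed if PHP reports a clean upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }

    // The client-supplied extension and $file['type'] are untrusted; a renamed
    // test.js still says ".png". Sniff the magic bytes of the temp file instead.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);

    // Allowed content types, mapped to the extension *we* choose on disk.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime])) {
        return null; // text/plain, application/x-php, etc. are rejected here
    }

    // Second, independent check: PHP's image parser must accept the file too.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Never reuse the uploaded name; generate a random one with our extension.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;

    // move_uploaded_file() refuses anything that was not an HTTP upload
    // (the is_uploaded_file() check mentioned in the thread), so no extra call is needed.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $name;
}

// Usage from the upload handler (constructed call; field name "image" assumed):
$stored = storeUploadedImage($_FILES['image'] ?? [], __DIR__ . '/../uploads');
echo $stored === null ? 'Rejected' : 'Stored as ' . $stored;
```

When serving the stored files, send the detected image Content-Type with X-Content-Type-Options: nosniff from a directory where PHP execution is disabled, so a file that slipped through is still never run as script.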
betterphp says
Glad you like it 😉
AMM686 says
Thanx useful tut…
RawRzCopteR says
Yea yea, I know what you meant 😛
betterphp says
That’s what I meant 🙂 It would make very little sense for them to be the actual array keys.
RawRzCopteR says
8:36 – depreciated lol – deprecated… no offense :p
RawRzCopteR says
The explode – the test string becomes the value, not the key, in the array.