Comments on: PHP security exploit with GIF images

by: admin

Fri, 22 Jun 2007 20:12:31 +0000

Ya, I am agree with your point. The security problems are rarely come from the PHP itself, but it depends on how the coders writing their codes! Anyway, the reason for posting this issue is just to point out that the getimagesize() function can be exploited and would failed in validating the image, even though the PHP Manual itself claim that this function will return FALSE for an invalid image.

by: droool

Fri, 22 Jun 2007 19:12:41 +0000

now that seems to be another serious loop hole for php coded site

by: Tim

Fri, 22 Jun 2007 16:34:18 +0000

It’s not really a problem if you only allow images with valid extensions to be uploaded in the first place.

A correctly written script would not be affected.