uncleflo

profile picture

Some cool dude. Higher order of decision making. Absolute.

Registered since September 28th, 2017

Has a total of 4246 bookmarks.

Showing top Tags within 1 bookmarks

howto   information   development   guide   reference   administration   design   website   software   solution   service   product   online   business   uk   tool   company   linux   code   server   system   application   web   list   video   marine   create   data   experience   description   tutorial   explanation   technology   build   blog   article   learn   world   project   boat   download   windows   security   lookup   free   performance   javascript   technical   network   control   beautiful   support   london   tools   course   file   research   purchase   library   programming   image   youtube   example   php   construction   html   opensource   quality   install   community   computer   profile   feature   power   browser   music   platform   mobile   work   user   process   database   share   manage   hardware   professional   buy   industry   internet   dance   advice   installation   developer   3d   search   material   access   customer   travel   camera   test   standard   review   documentation   css   money   engineering   develop   webdesign   engine   device   photography   digital   api   speed   source   management   program   phone   discussion   question   event   client   story   simple   water   marketing   app   yacht   content   setup   package   fast   idea   interface   account   communication   cheap   compare   script   study   market   live   easy   google   resource   operation   startup   monitor   training  


Tag selected: exif.

Clear all

Showing 1 results.

Looking up exif tag. Showing 1 results. Clear

A Silent Threat - PHP in EXIF

https://websec.io/2012/09/05/A-Silent-Threat-PHP-in-EXIF.html

Saved by uncleflo on February 24th, 2017.

Anyone who has done anything with file uploads knows that there's a lot to take into consideration when you're allowing your users to upload their own files up to the server. We've already covered some of the things you can do to help prevent some of the most common problems (bad MIME types, whitelisting file types, etc) but there's another one to consider that wasn't mentioned before. This "silent threat" comes in the form of PHP code embedded into the EXIF data on an image - jpg, gif, whatever. Since PHP only really has detection for things like MIME type, checking into the headers of uploaded images is difficult. Thankfully, there's a simple way to protect you and your application - don't use include (or the like) to load images into your site.

threat security php exif web development howto lamp administration problem whitelist consider consideration guide guidelines file server website


No further bookmarks found.