Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
that article wrote:
When users download the image to view it, the server parses the PHP code and the exploit is executed, as it serves the image to the user.
Who on earth would configure webserver to parse images as PHP files?? Too stupid to be true.
Weirdan wrote:Who on earth would configure webserver to parse images as PHP files?? Too stupid to be true.
I'm wondering if everyones favorite mod_rewrite action (funnel any unknown file to a php script for processing) is part of the magic making it happen often.