file uploading and mime check!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
prografr
Forum Newbie
Posts: 2
Joined: Tue Sep 21, 2010 6:48 am

file uploading and mime check!

Post by prografr »

Hi,
why some people check file mime types in file uploading process when we can find file extensions from it's name? it there any security points? :?
i found that some hackers :twisted: upload their shell's in fake file format! can mime check bypass these fake files?
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: file uploading and mime check!

Post by JakeJ »

A MIME is a terrible thing to waste.
prografr
Forum Newbie
Posts: 2
Joined: Tue Sep 21, 2010 6:48 am

Re: file uploading and mime check!

Post by prografr »

JakeJ wrote:A MIME is a terrible thing to waste.
:? realy?! thnx JakeJ .. :)
Post Reply