by dave1010uk
5434 days ago
On a CubeCart plugin that had the same flaw as the timthumb.php one, I whitelisted image file extensions. This should work, as long as there aren't any local file include vulnerabilities in the site. This still allows the attacker to host images on your site, though.

Well put.
Probably best to remove allowed hosts altogether.