by qingcharles 1 day ago
More than that, you need to check the file is a valid image, not just the mime type. I remember a host that let me upload an aspx file as a jpg and it allowed me to execute it and browse their entire file system until I found the SQL Server and network administrator passwords in a text file.

The passwords were both "internet".
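An added example (my code, not anything from the comment or the host it describes) of the check the comment asks for: the validator ignores the client-chosen name and type and accepts only bytes that actually parse as a JPEG, so a server-side script uploaded under a .jpg name is rejected; the function names and the two sample files are constructed for this illustration.

```python
import struct

# Added example (not code from the HN comment): an upload validator that ignores the
# client-supplied filename and Content-Type and accepts only bytes that parse as JPEG.

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
STANDALONE = {0x01, *range(0xD0, 0xD9)}                   # markers with no length field (TEM, RSTn, SOI)
SOF = {m for m in range(0xC0, 0xD0)} - {0xC4, 0xC8, 0xCC}  # SOFn markers, excluding DHT/JPG/DAC

def looks_like_jpeg(data):
    """Walk the JPEG marker segments from SOI to a start-of-frame; require EOI at the end."""
    if not data.startswith(SOI) or not data.endswith(EOI):
        return False
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False                # garbage where a marker must be
        marker = data[pos + 1]
        if marker in STANDALONE:
            pos += 2
            continue
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seglen < 2 or pos + 2 + seglen > len(data):
            return False                # segment length does not fit the file
        if marker in SOF:
            return True                 # frame header reached: structure is coherent
        pos += 2 + seglen
    return False

def validate_upload(filename, data):
    """Return (accepted, reason). Only the bytes decide; the name is a hint to be verified."""
    if not filename.lower().endswith((".jpg", ".jpeg")):
        return False, "extension not allowed"
    if not looks_like_jpeg(data):
        return False, "content is not a JPEG despite the .jpg name"
    return True, "ok"

# Constructed samples: a minimal JPEG (SOI, SOF0 for a 1x1 greyscale frame, EOI) and the
# kind of file the comment describes, server-side script text uploaded under a .jpg name.
TINY_JPEG = (SOI + b"\xff\xc0" + struct.pack(">H", 11)
             + b"\x08\x00\x01\x00\x01\x01\x01\x11\x00" + EOI)
SCRIPT_AS_JPG = b'<%@ Page Language="C#" %>\r\n<html>not an image</html>'

if __name__ == "__main__":
    print(validate_upload("photo.jpg", TINY_JPEG))      # (True, 'ok')
    print(validate_upload("photo.jpg", SCRIPT_AS_JPG))  # (False, 'content is not a JPEG despite the .jpg name')
```

Parsing proves only that the bytes are an image, not that they carry nothing else, so a production validator should fully decode and re-encode with an image library. Uploads also belong outside any script-executing path and should be served with a server-chosen content type, whatever the validator says.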