by meowface 4406 days ago
This isn't too related to what the blog post was discussing, but just to give an example of how you're right:

If a PHP page is allowing file uploads and only verifies the content of the data, but nothing else, then no protection is offered against arbitrary code execution. It's easy to craft a JPEG header and then place `<?php ... ?>` right after it; you could even append it to a valid JPEG body, too.
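The failure mode described in the comment above, as an added example that is not part of the original comment: a PHP upload handler that only checks content, beside one where the server decides the name, extension and storage location. The function names, the allowlist and the storage directory are assumptions made for illustration.

```php
<?php
// Added example; function names, paths and the allowlist are assumptions.

// Weak: validates only what the bytes look like and keeps the client's name.
function store_upload_content_check_only(array $file, string $webDir): string
{
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // A client-chosen name such as "photo.php" is kept as-is, so the web
    // server may pass the stored file to the PHP interpreter on request.
    $dest = $webDir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened: content check plus server-controlled name, extension, location.
function store_upload_hardened(array $file, string $storeDir): string
{
    $allowed = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
    ];

    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('unsupported image type');
    }
    // The extension comes from the detected type; the client name is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    // $storeDir is assumed to lie outside the document root, so the file is
    // only ever read back by a download script, never executed by the server.
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $name;
}
```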