Current time: 02-26-2021, 05:25 PM Hello There, Guest! (LoginRegister)
WebPagetest Forums / WebPagetest / Announcements v / Forums Hacked

Post Reply 
 
Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Forums Hacked
04-05-2012, 08:05 AM
Post: #7
pmeenan Offline
Patrick Meenan
*******
 		Posts: 5,447
Joined: Apr 2009
Reputation: 159
RE: Forums Hacked
Ping me offline and I can get them to you (pmeenan@webpagetest.org).

The PHP interpreter will apparently execute anything inside of a <?php ?> pair of tags, even if it is a binary file so the problem isn't unique to images. Jpegs have a fun feature that lets you include arbitrary data in header tags (like the exif data) so it is easy to build an image that looks normal but has executable code within it.

Stripping out all tags or recompressing (without maintaining tags) all user-uploaded images is probably the safest way to secure them (besides making sure php won't be called to execute an image file).
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
Forums Hacked - pmeenan - 04-04-2012, 03:27 AM
RE: Forums Hacked - pmeenan - 04-04-2012, 05:17 AM
RE: Forums Hacked - sajal - 04-04-2012, 07:24 AM
RE: Forums Hacked - pmeenan - 04-04-2012, 07:31 AM
RE: Forums Hacked - wasimasif - 04-04-2012, 12:22 PM
RE: Forums Hacked - jarrod1937 - 04-05-2012, 07:03 AM
RE: Forums Hacked - pmeenan - 04-05-2012 08:05 AM
RE: Forums Hacked - manii - 10-25-2014, 06:22 PM
RE: Forums Hacked - pmeenan - 10-29-2014, 10:50 PM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | WebPagetest | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication