I am testing my friend's site. It allows only JPEG to be uploaded in the upload script. The checking is done like this:
the following script is run
file --mime-type --brief filename
Only if this gives image/jpeg is it allowing the upload. How can I upload a PHP file? Basically, I need to spoof this MIME type?
Thanks a lot!
I’m not giving you a working solution but just a hint: The JPEG format consists of different parts, some are required and some are optional. Among those optional parts, some allow storing arbitrary data.
If you manage to alter such a part of an existing JPEG image or to add one and put your PHP code in it, you have a JPEG image with embedded PHP code that should be recognized as a proper JPEG image. Then all you have to do is to get that code invoked.
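The defender's side of the point made in the answer above, as an added example that is not part of the original thread: a file can pass the `file --mime-type` check and still carry free-form data in optional segments, so an upload handler can walk the JPEG marker structure itself and drop the comment (COM) and application (APPn) segments plus anything after the end-of-image marker. The function name, the sample bytes and the choice to drop every APPn segment (which also discards EXIF, ICC and JFIF metadata) are assumptions of this sketch.

```python
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
RST = set(range(0xD0, 0xD8))
NO_LENGTH = RST | {0x01}            # TEM and RST0-7 carry no length field
IN_SCAN = RST | {0x00, 0xFF}        # bytes that may follow 0xFF inside scan data

def strip_optional_segments(data: bytes):
    """Drop COM/APPn segments and anything after EOI; ValueError if malformed.
    Returns (cleaned, dropped) with dropped = [(marker_name, payload_len), ...]."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("missing SOI")
    out, dropped, pos = bytearray(data[:2]), [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        if data[pos + 1] == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        marker, pos = data[pos + 1], pos + 2
        if marker == EOI:                  # trailing bytes are not copied
            return bytes(out + bytes([0xFF, EOI])), dropped
        if marker in NO_LENGTH:
            out += bytes([0xFF, marker])
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError("bad segment length")
        segment, pos = data[pos:pos + length], pos + length
        if marker == COM or 0xE0 <= marker <= 0xEF:
            name = "COM" if marker == COM else f"APP{marker - 0xE0}"
            dropped.append((name, length - 2))
            continue
        out += bytes([0xFF, marker]) + segment
        if marker == SOS:                  # copy entropy-coded data up to the next real marker
            start = pos
            while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] in IN_SCAN):
                pos += 1
            out += data[start:pos]
    raise ValueError("missing EOI")

def seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: marker structure only, not a decodable picture.
SAMPLE = (bytes([0xFF, SOI]) + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(COM, b"constructed comment placeholder") + seg(0xDB, bytes(65))
          + seg(SOS, bytes(10)) + b"\x12\xff\x00\x34\xff\xd9" + b"constructed trailing bytes")
```

This removes only the segments that exist to carry free-form data; it is one layer alongside re-encoding the pixels and storing uploads where the server never interprets them as PHP, which is the "get that code invoked" step the answer mentions.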