Home/ Questions/Q 8726209
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T08:12:12+00:00

I understand that security issues usually come from user inputs which is why I

  • 0

I understand that security issues usually come from user inputs which is why I am assuming there is a security hole in the else part of $eFlag!=1.
I am not familiar with php so I am not 100% sure what is going on here.

I am assuming that file itself that is being uploaded could be some malicious executable and that is not being checked???
If so, is there ways to prevent uploading executable or just upload .doc files (looks like that’s the file that the program wants)?

***This was posted on one of the clubs that I am in for school and asked to identify a security hole (in another words, there is one for sure).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should check mime types of uploaded file:

    strcmp(substr(mime_content_type($_FILES['userfile']['tmp_name']),0,4),"doc"

    Full example on php.net for checking mime types: http://php.net/manual/en/function.mime-content-type.php

    Full code with added filter of filename name and length (this is based on filename):

    $match = preg_match_all("/^[a-zA-Z0-9]/$", $_FILES['userfile']['name'], $matchif);

if (!$matchif)
{
    die('not allowed filename');
}

if (strlen($_FILES['userfile']['name']) > 255 || strlen($_FILES['userfile']['name'] == 0))
{
    die('Filename length not allowed');
}

if (strcmp(substr(mime_content_type($_FILES['userfile']['name']),0,4),"doc")==0) 
{ 

    if (move_uploaded_file($_FILES['userfile']['tmp_name']))
    {
        // upload file
    }
    else die('not upload');

}
else die('support only doc');

    You can dump and use conditionals to check mimetypes as examples:

    var_dump($_FILES['userfile']['type']);

if ($_FILES['userfile']['type'] == 'application/msword') { ... move uploaded files ...  }

    Notice: mime types can be faked, so i will check via filename, types via $_FILES, length of filename, and read first lines of code to check if DOC or something else. Open it doc in notepad and see what you can check in PHP by reading file.

    • 0