The company I work for has recently been hit with many header injection and file upload exploits on the sites we host and while we have fixed the problem with respect to header injection attacks, we have yet to get the upload exploits under control.
I’m trying to set up a plug-and-play-type series of upload scripts to use in-house that a designer can copy into their site’s structure, modify a few variables, and have a ready-to-go upload form on their site. We’re looking to limit our exposure as much as possible (we’ve already shut down fopen and shell commands).
I’ve searched the site for the last hour and found many different answers dealing with specific methods that rely on outside sources. What do you all think is the best script-only solution that is specific enough to use as a reliable method of protection? Also, I’d like to keep the language limited to PHP or pseudo-code if possible.
Edit: I’ve found my answer (posted below) and, while it does make use of the shell command exec(), if you block script files from being uploaded (which this solution does very well), you won’t run into any problems.
The best solution, IMHO, is to put the directory containing the uploaded files outside of the ‘web’ environment and use a script to make them downloadable. In this way, even if somebody uploads a script it can not be executed by calling it from the browser and you don’t have to check the type of the uploaded file.