Avoiding the PHP GIF Security Issue

PHP GIF Security Issue
Sometimes an attacker can embed PHP code in the middle of a GIF image and use it to steal confidential information from your site.
Uploaded files are usually moved to a given directory. An attacker can therefore send code into that directory in the form of an image, and if the site serves images directly from that directory, your site may be open to security exploits.

For example, say an attacker uploads an image named test.gif.php, and the image is moved to the images directory. If the web server is configured as usual to process requests for .php files, and the site serves the images at the URL below, the request will execute the PHP code inside that image file.
http://www.yoursite.com/test.gif.php

How to avoid it?

The basic solution is to protect the upload directory so that direct requests to where the images are located are refused.

You can do this by editing the .htaccess file.

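code
# Put this .htaccess inside the upload (images) directory itself.
# <Files> matches file names, not directories, so the rule is given directory-wide.
# On Apache 2.4 without mod_access_compat, use "Require all denied" instead.
Deny from all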

An alternative solution is to add a PHP function that checks for a valid file (image) extension.
Please visit the previous post for that code:
https://webdevsurya.wordpress.com/2013/01/09/image-upload-validation-using-php/
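
A sketch of such a check, as an added example that is not code from this post or the linked one: it accepts a file only when its final extension is on an allowlist and the content parses as that image type, then stores it under a server-chosen name. The function name store_uploaded_image, the form field name image and the destination path are assumptions.

```php
<?php
/**
 * Validate an uploaded image and move it into $destDir under a
 * server-generated name. Returns the stored file name, or throws
 * RuntimeException when the upload is rejected.
 * (Hypothetical helper written for this example.)
 */
function store_uploaded_image(array $file, string $destDir): string
{
    // Allowed final extension => image type constant the content must match.
    $allowed = [
        'gif'  => IMAGETYPE_GIF,
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'png'  => IMAGETYPE_PNG,
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // Only the last extension counts: "test.gif.php" yields "php" and is rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }

    // The content must parse as an image of the type the extension claims.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== $allowed[$ext]) {
        throw new RuntimeException('Not a valid image of the declared type');
    }

    // Discard the client-supplied name; keep only the vetted extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Usage (field name and path are assumptions):
// $stored = store_uploaded_image($_FILES['image'], __DIR__ . '/images');
```

The content check does not strip code embedded in a valid GIF; what keeps the stored file from being handed to the PHP handler is that its name never ends in .php.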

Have a nice day 🙂
