PHP GIF Security Issue
Sometimes a hacker can embed PHP code in the middle of a GIF image and use it to steal confidential information from your site.
Uploaded files are usually moved to a given directory. So a hacker can send code into that directory in the form of an image, and if the site serves images directly from that directory, your site may be open to security exploits.
For example, let's say a hacker uploads an image named test.gif.php and the image is moved to the images directory. If the web server is configured as usual to process requests for .php files, and the site serves the images with the URL below, the request will execute the PHP code inside that image file.
How to avoid it?
The basic solution to this problem is to protect the upload directory so that direct requests to where the images are located are refused.
You can do that by editing the .htaccess file.
deny from all
An alternative solution is to add a PHP function that checks for a valid file (image) extension.
Please visit the previous post to learn that code.
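One way to write such a check, shown here as an added example (it is not the code from the previous post). The function name store_uploaded_image, the form field "image" and the images directory are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original post.
// Maps each accepted extension to the image type PHP must detect for it.
const ALLOWED_IMAGES = [
    'gif'  => IMAGETYPE_GIF,
    'jpg'  => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
    'png'  => IMAGETYPE_PNG,
];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name, or null if the upload is rejected.
 */
function store_uploaded_image(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Accept exactly one extension, and only from the allowlist, so that
    // "test.gif.php" and "test.php.gif" are both rejected.
    $parts = explode('.', strtolower(basename($file['name'])));
    if (count($parts) !== 2 || !isset(ALLOWED_IMAGES[$parts[1]])) {
        return null;
    }
    $ext = $parts[1];

    // The content must parse as the image type the extension claims.
    // A GIF with PHP embedded in it still passes this test, which is why
    // the extension of the stored file is what matters most.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== ALLOWED_IMAGES[$ext]) {
        return null;
    }

    // Never reuse the client's name: store under a random name that ends
    // in the already validated image extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($uploadDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $target) ? $name : null;
}

// Usage (field name and directory are assumptions):
// $stored = store_uploaded_image($_FILES['image'], __DIR__ . '/images');
```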
have a nice DaY 🙂