On 12 May 2006 rgod (at) autistici (dot) org [email concealed] wrote:
> (3) inject some php code inside jpeg files as EXIF metadata content:
> this, in combinations with third party vulnerable code can be used
> to compromise the server where PHP is installed.
> Should be enough to check for php code inside the temporary file...
> (3) inject some php code inside jpeg files as EXIF metadata content:
> this, in combinations with third party vulnerable code can be used
> to compromise the server where PHP is installed.
> Should be enough to check for php code inside the temporary file...
[ more ]