Quote:
Originally Posted by Kaylum
also, don't sweat any concern with viruses for images.. the files aren't excecuted (ran), and you can modify or have someone else modify the script to check for image type/file size.
|
Sorry, but that's wrong. Recently a LFI (Local File Inclusion) exploit showed up, it's pretty popular right now that let's you embed php code in jpg images...and many scripts are vulnerable to it, incuding well known forum and blogging scripts. They show up as normal pictures and bypass any checks by the script.