Quote:
Originally Posted by nation-x
Please provide an example to prove your assertion... how exactly is this unsafe?[/code]
|
Generally, lazily coded image hosting scripts. The easiest way to abuse this I've actually seen in the wild. It starts with a valid GIF header, and has a PHP script as the payload. WIthout giving away too many details, file naming conventions and autonegotiation can cause you bigtime issues.