3

I need to know how to generate a GIF with PHP code inside, or how to modify a GIF to add this, so that I can perform a test on our avatar upload plugin in WordPress - I just want to ensure it is secure. Or if someone has a test image already, which I can open to see the code or modify?

Chris
  • 1
    That's not a good way to prevent exploits. Rather than that, check how you include (i.e. a GET param with a filename to include is not best practice) and make sure user input is properly validated. Then you don't have to (and you can't, really) check everything a user may upload. – Mikulas Dite Nov 05 '11 at 18:09

1 Answer

1

In an LFI to RCE exploit you add a meta tag that contains your PHP code. When the binary is included, PHP will look for <?php ?> and execute the code inside of it.

rook
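A defender-side check for the case this answer describes, as an added example that is not part of the original answer or of any WordPress plugin: it walks a GIF's blocks, collects the comment extensions (the metadata an uploader can fill freely) and reports PHP open tags there, anywhere else in the file, or data appended after the trailer. The function names, finding labels and the constructed 1x1 sample GIF are assumptions made for the example.

```python
import re
import struct

# PHP starts executing at an open tag wherever it sits in an included file.
PHP_OPEN = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)

def sub_blocks(data, pos):
    """Read GIF data sub-blocks at pos; return (payload, offset past terminator)."""
    out = bytearray()
    while data[pos]:
        out += data[pos + 1:pos + 1 + data[pos]]
        pos += 1 + data[pos]
    return bytes(out), pos + 1

def gif_comments(data):
    """Return (comment extension payloads, bytes after the GIF trailer)."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13 + (3 * (2 << (data[10] & 7)) if data[10] & 0x80 else 0)  # global colour table
    comments = []
    while pos < len(data) and data[pos] != 0x3B:        # 0x3B = trailer
        if data[pos] == 0x21:                           # extension block
            payload, nxt = sub_blocks(data, pos + 2)
            if data[pos + 1] == 0xFE:                   # comment label
                comments.append(payload)
            pos = nxt
        elif data[pos] == 0x2C:                         # image descriptor
            lct = 3 * (2 << (data[pos + 9] & 7)) if data[pos + 9] & 0x80 else 0
            _, pos = sub_blocks(data, pos + 10 + lct + 1)  # +1: LZW code size byte
        else:
            raise ValueError("unknown block at offset %d" % pos)
    return comments, data[pos + 1:]

def scan_upload(data):
    """Return the reasons to reject an uploaded GIF; an empty list means none found."""
    findings = ["php-open-tag"] if PHP_OPEN.search(data) else []
    try:
        comments, trailing = gif_comments(data)
    except (ValueError, IndexError):                    # truncated or not a GIF
        return findings + ["malformed-gif"]
    if any(PHP_OPEN.search(c) for c in comments):
        findings.append("php-in-comment")
    return findings + (["trailing-data"] if trailing else [])

def sample_gif(comment=b""):
    """Constructed 1x1 GIF for this demo, optionally with one comment block."""
    ext = b"\x21\xfe" + bytes([len(comment)]) + comment + b"\x00" if comment else b""
    return (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00" * 6 + ext
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x4c\x01\x00\x3b")
```

Bare `<?` is not matched because that two-byte sequence occurs by chance in image data. `scan_upload(sample_gif(b"<?php /* constructed inert marker */ ?>"))` returns both the whole-file and the comment-block finding.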