Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 20
Members Online: 1

Registered Members: 82908
Newest Member: krishna7799
Latest Articles
View Thread

HellBound Hackers | Computer General | Webmasters Lounge

Author

Unsecure Upload In PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-03-07 19:39
Hi, my code for my uploading is unsecure, how would I fix it so that I can prohibit files with certain extensions to be uploaded?

Code

<?php
$target = "uploaded/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded to <a href='uploaded/'>here.</a>";
}
else {
echo "Sorry, there was a problem uploading your file.";
}
?>





Author

RE: Unsecure Upload In PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-03-07 21:01
Code

if(strpos(basename($_FILES['uploaded']['name'],".php")||
strpos(basename($_FILES['uploaded']['name'],".htm")||
strpos(basename($_FILES['uploaded']['name'],".html")||
strpos(basename($_FILES['uploaded']['name'],".asp")||
strpos(basename($_FILES['uploaded']['name'],".aspx")||
strpos(basename($_FILES['uploaded']['name'],".exe")) {
die("invalid file extension!");
}





you could do that, or use the same check to make sure the file ext. falls within a certain range of extensions.