Follow us on Twitter!
Ideas are far more powerful than guns.
Tuesday, May 03, 2016
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 28
Guests Online: 27
Members Online: 1

Registered Members: 93487
Newest Member: VALASADOR123
Latest Articles
View Thread

HellBound Hackers | Computer General | Webmasters Lounge

Author

Unsecure Upload In PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-03-07 19:39
Hi, my code for my uploading is unsecure, how would I fix it so that I can prohibit files with certain extensions to be uploaded?

Code

<?php
$target = "uploaded/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded to <a href='uploaded/'>here.</a>";
}
else {
echo "Sorry, there was a problem uploading your file.";
}
?>





Author

RE: Unsecure Upload In PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-03-07 21:01
Code

if(strpos(basename($_FILES['uploaded']['name'],".php")||
strpos(basename($_FILES['uploaded']['name'],".htm")||
strpos(basename($_FILES['uploaded']['name'],".html")||
strpos(basename($_FILES['uploaded']['name'],".asp")||
strpos(basename($_FILES['uploaded']['name'],".aspx")||
strpos(basename($_FILES['uploaded']['name'],".exe")) {
die("invalid file extension!");
}





you could do that, or use the same check to make sure the file ext. falls within a certain range of extensions.