Re: [PHP] Check RAW data

2008-04-22 Thread rb
Malicious code can still be embedded in images. The vulnerabilities ISTR are in Windows image handling libraries. I assume they've been fixed now though because it was some time ago. But that doesn't mean to say more won't be found. Could you suggest me a good piece of code to check the PNG

Re: [PHP] Check RAW data

2008-04-21 Thread Nitsan Bin-Nun
On IE 5.5 and 6.x you can inject JS through PNGs. As I remember, they patched it at 7.x.

On 20/04/2008, Richard Heyes <[EMAIL PROTECTED]> wrote:
> > I mean, if you already specified it as a PNG image with header(), how
> > do you execute Javascript/malicious code, as the browser will render
> > it

Re: [PHP] Check RAW data

2008-04-20 Thread Richard Heyes
I mean, if you already specified it as a PNG image with header(), how do you execute Javascript/malicious code, as the browser will render it as a PNG? Malicious code can still be embedded in images. The vulnerabilities ISTR are in Windows image handling libraries. I assume they've been fixed n

Re: [PHP] Check RAW data

2008-04-20 Thread Richard Heyes
I don't believe malicious code can be executed with echo and header. The header of the PNG file, not an HTTP header.

--
Richard Heyes

Re: [PHP] Check RAW data

2008-04-20 Thread Regular email
On Sun, 2008-04-20 at 15:52 +0200, rb wrote:
> I'm getting from an external source a PNG image in raw format (encoded in
> base64).
>
> And with this code I'll echo on the screen.
>
> --
> $img=base64_decode($_POST['img']);
>
> header("Content-type: image/png");
> echo $img;
> --

A quick way would be to

Re: [PHP] Check RAW data

2008-04-20 Thread Jason Norwood-Young
On Sun, 2008-04-20 at 15:52 +0200, rb wrote:
> I'm getting from an external source a PNG image in raw format (encoded in
> base64).
>
> And with this code I'll echo on the screen.
>
> --
> $img=base64_decode($_POST['img']);
>
> header("Content-type: image/png");
> echo $img;
> --

A qui
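
The following is an added example, not code posted by anyone in this thread: one way to check the base64 PNG from the original question before echoing it, by validating the PNG file header and re-encoding the pixels with GD so that only freshly generated image data reaches the browser. The function name `sanitize_png` and the two size limits are assumptions chosen for illustration, and the GD extension is assumed to be installed.

```php
<?php
// Added example, not code from the thread. Both limits are assumed values.
const MAX_BYTES  = 2097152;   // 2 MiB of decoded input
const MAX_PIXELS = 16000000;  // reject images that would exhaust memory in GD

function sanitize_png(string $b64): ?string
{
    // Strict mode fails on any character outside the base64 alphabet.
    $raw = base64_decode($b64, true);
    if ($raw === false || strlen($raw) > MAX_BYTES) {
        return null;
    }
    // Every PNG file begins with this fixed 8-byte signature.
    if (strncmp($raw, "\x89PNG\r\n\x1a\n", 8) !== 0) {
        return null;
    }
    // Read type and dimensions from the image header before decoding pixels.
    $info = @getimagesizefromstring($raw);
    if ($info === false || $info[2] !== IMAGETYPE_PNG
        || $info[0] * $info[1] > MAX_PIXELS) {
        return null;
    }
    // Full decode: data GD cannot parse as an image is rejected here.
    $im = @imagecreatefromstring($raw);
    if ($im === false) {
        return null;
    }
    // Re-encode from the decoded pixels. Text chunks, trailing bytes and
    // anything else that was not pixel data are not carried over.
    imagesavealpha($im, true);
    ob_start();
    imagepng($im);
    return ob_get_clean();
}

$clean = sanitize_png($_POST['img'] ?? '');
if ($clean === null) {
    http_response_code(400);
    exit('Invalid image');
}
header('Content-Type: image/png');
// Ask browsers that support it not to guess a different content type.
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . strlen($clean));
echo $clean;
```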