 Image Hosting Can Hurt You |
|
|
|
|
  |
 Jan 10 2007, 07:39 PM
Post
#11
|
|
|
Privileged Member  Group: [HOSTED] Posts: 624 Joined: 13-December 06 Member No.: 35,271  |
Man, you are unlucky. You should of really coded it yourself. Or only have for members of your website. But anyways, "it won't happen to me"
|
 |
 
|
|
Apr 30 2007, 12:11 PM
Post
#12
|
|
|
Newbie Group: Members Posts: 8 Joined: 30-April 07 Member No.: 42,396 |
so i use image shack US - is this ok????
|
|
|
|
|
Jun 23 2007, 05:53 PM
Post
#13
|
|
|
Newbie [Level 2] Group: Members Posts: 29 Joined: 23-November 06 Member No.: 33,877 |
QUOTE(shadowx @ Nov 25 2006, 08:11 PM)  less likely yes, but not impossible. There is a way to get php to execute within an image as some signatures you see do, the ones which display your IP, OS etc... the only way i know of doing this is to write the php code yourself and specify an image document type but im sure there is an exploit somewhere which will allow such images to be uploaded. how could you embed php script in image document type?  Anyway, There is no problem by using image hosting service like image shack. The problems come only when you make a web site which allow the visitors to upload their data to the server. So this means you need to be careful when you make a image hosting service like image shack, but you don't need to worry when you use it. There is no security problem there. |
|
|
|
|
Aug 27 2007, 10:13 PM
Post
#14
|
|
|
Newbie [Level 3] Group: Members Posts: 41 Joined: 2-July 07 Member No.: 45,830 |
I am really interested in what image hosting script u were using ?? as i knew that the turnkey image hosting scripts had these problems
|
|
|
|
|
Sep 6 2007, 11:36 AM
Post
#15
|
|
|
Neurotical Squirrel Group: [HOSTED] Posts: 590 Joined: 4-November 04 From: Novi Sad, Vojvodina Member No.: 2,127 |
Well, I have created a certain signature, that I use in forums that allow members to have hosted images in their signatures via IMG tag, and don't check for extensions... Trap17 doesn't allow it, so I'm not using it here, but I certainly can see how one could easily make a malicios PHP script, and take over some site, or crash it...
If you want to see my signature, go see http://status.galahad.trap17.com/stat.php ... It is a pure JPEG picture, no malicious code... If it's not allowed to have links here, mods, please remove this section, it's not my intent to promote my site, just to show how ot would work
|
|
|
|
|
Sep 6 2007, 01:35 PM
Post
#16
|
|
|
Advanced Member Group: Members Posts: 109 Joined: 5-September 07 From: Australia Member No.: 49,403 |
if i was a really smart guy (which i'm not lol) i would make a script that makes you, the administrator, ok the pis. (in other words, you have to say yes i will allow this certain picture on my website) so you know what people are putting up on your website. but unfortunately i am not a smart guy and i don't know how to write scripts.
 this is all saying that i got the right idea of what your talking about This post has been edited by benzkids: Sep 6 2007, 01:37 PM |
|
|
|
|
Sep 6 2007, 05:48 PM
Post
#17
|
|
|
A computer once beat me at chess, but it was no match for me at kick boxing.  Group: [MODERATOR] Posts: 4,072 Joined: 24-July 05 From: Linix, DOS and Windows…the good, the bad and the ugly Member No.: 9,787  |
QUOTE(Galahad @ Sep 6 2007, 05:36 AM) Well, I have created a certain signature, that I use in forums that allow members to have hosted images in their signatures via IMG tag, and don't check for extensions... Trap17 doesn't allow it, so I'm not using it here, but I certainly can see how one could easily make a malicios PHP script, and take over some site, or crash it... If you want to see my signature, go see http://status.galahad.trap17.com/stat.php ... It is a pure JPEG picture, no malicious code... If it's not allowed to have links here, mods, please remove this section, it's not my intent to promote my site, just to show how ot would work Check in the Tutorial Section here at the Trap17. there is one that uses a folder named with a jpg (or png ) extension that would likely work for you. I think the problem is that .php is not an acceptable file extension fo uploading to this server. Ig you have the script named index.php inside a folder named with an acceptable file extension might work? I think the Tutorial I am referring to can be found use "sig rotator" as a search value. |
|
|
|
|
Sep 7 2007, 10:33 PM
Post
#18
|
|
|
Neurotical Squirrel Group: [HOSTED] Posts: 590 Joined: 4-November 04 From: Novi Sad, Vojvodina Member No.: 2,127 |
QUOTE(jlhaslip @ Sep 6 2007, 07:48 PM) Check in the Tutorial Section here at the Trap17. there is one that uses a folder named with a jpg (or png ) extension that would likely work for you. I think the problem is that .php is not an acceptable file extension fo uploading to this server. Ig you have the script named index.php inside a folder named with an acceptable file extension might work? I think the Tutorial I am referring to can be found use "sig rotator" as a search value. Thanks for that, I already talked to alex7h3pr0gr4m3r about his dynamic Trap17 status image, and he said he used that folder.jpg method, with index.php script inside... It is so simple, and so obvious, that it completely eluded me, and I think I would have never thought of it... But, as you can see now, there is a dynamic image in my sig, and I'm actualy working on releasing a public version, with software to download and update ones status, and a sig for every user... But it's a big work ahead of me Hopefully, I will find some beta testers here
|
|
|
|
|
Similar Topics