Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Misdetection] PHP file misdetected as image when image is injected at the start of the file #468

Open
riklaunim opened this issue May 20, 2024 · 0 comments
Labels
misdetection This issue is about a misdetection on a content type currently supported needs triage This issue still needs triage by one of the maintainers

Comments

@riklaunim
Copy link

If you take an image file, append PHP code to it (and rename to .PHP) it will be recognized as image. Old PHP code injection vulnerabilities were possible with such files when the code used a bad source of mime type detection.

Example file (PNG icon with phpinfo at the end):
example.zip

@riklaunim riklaunim added misdetection This issue is about a misdetection on a content type currently supported needs triage This issue still needs triage by one of the maintainers labels May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
misdetection This issue is about a misdetection on a content type currently supported needs triage This issue still needs triage by one of the maintainers
Projects
None yet
Development

No branches or pull requests

1 participant