As a developer and administrator for the webhosting company I saw many galleries and download scripts written in PHP. While the scripts were generally similar (used file_get_contents(), fopen(), readfile()), sometimes I’ve seen other, less traditional implementations.
A case of one of my company’s customers inspired me to write this article. Few months ago he reported to me with the problem of sending files via a PHP script. Some of his files were sent successfully but others did not and he could not get to the heart of the matter.
After a brief code inspection, it turned out that script written by him had some undesired, additional functionality. Because he’s been using include() clause to read an images, his script was vulnerable to the code injection! (more…)