upload an executable file disguised as gif or jpg

aa

If I allow people to upload GIF or JPG files on my site, is there a technical possibility to upload an executable file disguised as gif or jpg and execute it on my server?
 
Bob Barrows

aa said:
> If I allow people to upload GIF or JPG files on my site, is there a
> technical possibility to upload an executable file disguised as gif
> or jpg and execute it on my server?

I don't see how. Whether or not you are using a third-party component or a
pure asp solution to handle the upload, you are in control over what happens
to the file when it is processed in the server-side page.

I suppose there is a possibility of some type of malware being sent to a
client machine after it's been uploaded to the server (although I may be
wrong about this part).

You may get more details by asking on m.p.inetserver.iis.security. You may
want to do a Google search first. This may be a FAQ.

Bob Barrows
 
aa

Thanks, Bob.
I do not know what exactly is possible for a knowledgeable hacker.
They make viruses built into email messages which, when downloaded, start
doing some things.
This makes me think that one can write a virus camouflaged as a .gif file and
upload it to the server.

If I direct all uploads to a directory with no execution permissions, would
it prevent possible problems?
 
Aaron Bertrand [MVP]

> They make viruses built into email messages which, when downloaded, start
> doing some things.

These have extensions that the operating system runs arbitrarily, such as
.pif or .scr. Not so with .gif or .jpg.

> This makes me think that one can write a virus camouflaged as a .gif file and
> upload it to the server.

No, can't really be done, since your operating system already knows what to
do with GIF files. The hacker would first have to alter your machine so
that it treated .GIF extension as something else. And this still wouldn't
affect your server, unless they altered the server that way, gained access
to the file system, and ran it. In which case, they wouldn't need to
disguise anything.

> If I direct all uploads to a directory with no execution permissions, would
> it prevent possible problems?

No, I assume you are worried about what happens when a user downloads the
file. If you put a file on your web server, anyone who accesses that file
via the web will be viewing it through their browser, or downloading it to
their machine.
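
An added example, not part of the original thread or any poster's code: a server-side check for the upload question discussed above that decides by file content rather than the client-supplied extension, then stores the file under a server-generated name. It is written in Python for illustration; the function names, the size limit and the sample byte strings are assumptions constructed here.

```python
import os
import secrets

# Leading bytes that identify each accepted format.
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
}
# Extensions a client may claim for each detected type.
ALLOWED_EXT = {"gif": {".gif"}, "jpg": {".jpg", ".jpeg"}}


def sniff_image_type(data: bytes):
    """Return 'gif' or 'jpg' based on the leading bytes, or None."""
    for kind, prefixes in SIGNATURES.items():
        if data.startswith(prefixes):
            return kind
    return None


def accept_upload(client_name: str, data: bytes, max_bytes: int = 2_000_000):
    """Return a server-chosen stored filename, or raise ValueError."""
    if not data or len(data) > max_bytes:
        raise ValueError("empty or oversized upload")
    kind = sniff_image_type(data)
    if kind is None:
        raise ValueError("content is not a GIF or JPEG")
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in ALLOWED_EXT[kind]:
        raise ValueError("extension does not match content")
    # Never reuse the client's name: it may carry path parts or an
    # extension the server would treat as script or executable.
    return secrets.token_hex(16) + "." + kind


# Constructed sample inputs (hand-built byte strings, not real files).
GIF_SAMPLE = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b";"
JPG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\xff\xd9"
EXE_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60  # Windows executable header

if __name__ == "__main__":
    for name, blob in [("photo.gif", GIF_SAMPLE), ("photo.jpg", JPG_SAMPLE),
                       ("photo.gif", EXE_SAMPLE), ("photo.jpg", GIF_SAMPLE)]:
        try:
            print(name, "->", accept_upload(name, blob))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

A signature match only shows that the file begins like an image, so it complements rather than replaces storing uploads in a directory with no execute or script permissions.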
 
