Timeline for Hacker used picture upload to get PHP code into my site
Current License: CC BY-SA 3.0
8 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Apr 22, 2019 at 15:51 | comment | added | user1067003 | | validating the input at the client-side is not necessary, it's just if you want to give users the convenience of early error messages, but from a security-point-of-view, client-sided validation is worthless. |
| Jan 10, 2017 at 15:27 | comment | added | thel3l | | @CPHPython - My bad. I'll fix it. Thanks for the heads up. |
| Jan 9, 2017 at 14:12 | comment | added | CPHPython | | I agree with @Mooz, OWASP is also a wiki, i.e. many of those ideas can be edited later and a few of them may help the OP in this particular situation. If you focus on adding the ideas/implementations that may help the OP, I may upvote... Currently your answer is just a copy of previous answers/comments suggestions (even the simple suggestion to disable PHP on the upload directory is more useful than a link to a long list of ideas in another website). |
| S Jan 6, 2017 at 21:20 | history | suggested | Peter Mortensen | CC BY-SA 3.0 | Copy edited. |
| Jan 6, 2017 at 21:04 | review | Suggested edits | | | |
| S Jan 6, 2017 at 21:20 | | | | | |
| Jan 5, 2017 at 21:32 | comment | added | Möoz | | Can you elaborate on the "OWASP" ideas, sending people away from here is not necessarily a good thing. Even bringing some of the content or ideas here would greatly improve this answer. |
| Jan 4, 2017 at 12:13 | history | edited | Anders | CC BY-SA 3.0 | added 12 characters in body |
| Jan 4, 2017 at 10:12 | history | answered | thel3l | CC BY-SA 3.0 | |