Rastin Mehr

Rastin Mehr

Preventing a php shell upload attack in your custom apps

A common form of attacks in applications that allow file upload is when you enable unrestricted file upload without checking the file type against a restricted list of mime-types in your back-end code. 

In the Anahita default installation, the only file uploads happen when a user uploads an avatar, cover image, or photo. In all cases, only certain mime types are allowed. If you are developing c...

Powered by Anahita