webchun
5 years ago

Hi, I tried to upload a non-image file using the upload image field by renaming the file extension to jpg.

First, I renamed file.php to file.jpg, and SEBLOD refused to upload it. It returned the error: "Warning: File xxx not uploaded for security reasons!" This is OK.

But when I tried to upload .exe, .msi, and .zip files (I changed these files' extensions to .jpg before uploading them), surprisingly SEBLOD accepted them and generated a black image, including all thumbnails.

My questions: is this normal, or something I need to worry about? Is there any potential security risk in allowing inappropriate files to be uploaded by just renaming the extension?

Thanks
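
An added example, not part of the original post and not SEBLOD's own code: a server-side check that compares a file's leading bytes with the type its extension claims, covering the renamed .exe, .msi, .zip and .php cases described above. The function names and the sample byte strings are constructed for illustration.

```python
import os

# Well-known leading bytes ("magic numbers") of the formats mentioned in the post.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"MZ", "windows-executable"),                          # .exe
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-compound"),  # .msi
    (b"PK\x03\x04", "zip"),
    (b"<?php", "php-script"),
]
# Extensions the (hypothetical) image field accepts, mapped to expected content.
IMAGE_EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg"}


def sniff(data: bytes) -> str:
    """Return the content type implied by the first bytes of the file."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_upload(filename: str, data: bytes) -> tuple:
    """Return (accepted, reason) for an upload to an image-only field."""
    ext = os.path.splitext(filename)[1].lower()
    expected = IMAGE_EXTENSIONS.get(ext)
    if expected is None:
        return False, f"extension {ext} is not an allowed image type"
    actual = sniff(data)
    if actual != expected:
        return False, f"named {ext} but content is {actual}"
    # A valid header is only a first gate: script tags can sit later in the file.
    if b"<?php" in data:
        return False, "image data contains a PHP open tag"
    return True, "ok"


# Constructed sample uploads: every file is named .jpg, only one is a JPEG.
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8 + b"\xff\xd9"
SAMPLES = {
    "photo.jpg": JPEG,
    "setup.jpg": b"MZ\x90\x00\x03\x00\x00\x00",
    "installer.jpg": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
    "archive.jpg": b"PK\x03\x04\x14\x00\x00\x00",
    "file.jpg": b"<?php echo 1; ?>",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, check_upload(name, payload))
```

A matching header does not prove the rest of the file is a well-formed image, so decoding and re-encoding the image server-side and storing uploads where they cannot be executed remain the stronger controls.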
