I have wrapped an executable inside an image which has the following content -
GIF89a<?php
echo 'hacked';
?>
and saved it with the filename image.gif.
Now when I upload this image, it is able to bypass the image and dimension validation:
'photo' => 'required|image|dimensions:min_width=20,min_height=20',
Is there a way to validate this kind of image?
A workaround I have tried:
I used the PHP function getimagesize(),
but it returns
array:6 [
0 => 16188
1 => 26736
2 => 1
3 => "width="16188" height="26736""
"channels" => 3
"mime" => "image/gif"
]
Although the image is not valid, it still has a valid width and height.
via Amit Gupta
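Why the header check passes for this file, and a stricter check, as an added example that is not part of the original post: getimagesize() reads only the GIF header, so the four bytes `<?ph` that follow `GIF89a` are interpreted as little-endian width and height (0x3F3C = 16188, 0x6870 = 26736). The sketch assumes the GD extension is loaded; the function names gifHeaderDimensions and sanitizeGif are hypothetical.

```php
<?php
// Added example, not code from the original post. Requires the GD extension.

/** Width/height as a header-only check reads them: bytes 6-9, little-endian. */
function gifHeaderDimensions(string $bytes): ?array
{
    if (strlen($bytes) < 10 || !in_array(substr($bytes, 0, 6), ['GIF87a', 'GIF89a'], true)) {
        return null;
    }
    $d = unpack('vwidth/vheight', substr($bytes, 6, 4));
    return [$d['width'], $d['height']];
}

/** Fully decode the upload and re-encode it; null if no image data can be decoded. */
function sanitizeGif(string $bytes, int $minSide = 20): ?string
{
    if (gifHeaderDimensions($bytes) === null) {
        return null; // wrong signature
    }
    $img = @imagecreatefromstring($bytes); // false when GD finds no decodable frame
    if ($img === false || imagesx($img) < $minSide || imagesy($img) < $minSide) {
        return null;
    }
    ob_start();
    imagegif($img); // fresh file built from decoded pixels; non-image bytes are dropped
    $out = ob_get_clean();
    return $out === false ? null : $out;
}

// Constructed sample 1: the file content shown in the question.
$polyglot = "GIF89a<?php\necho 'hacked';\n?>";
// Constructed sample 2: a real 20x20 GIF generated with GD.
$canvas = imagecreate(20, 20);
imagecolorallocate($canvas, 255, 255, 255);
ob_start();
imagegif($canvas);
$valid = ob_get_clean();

foreach (['polyglot' => $polyglot, 'valid' => $valid] as $name => $bytes) {
    [$w, $h] = gifHeaderDimensions($bytes);
    $clean = sanitizeGif($bytes);
    printf("%s: header says %dx%d, %s\n", $name, $w, $h,
        $clean === null ? 'rejected' : 'accepted, ' . strlen($clean) . ' bytes after re-encoding');
}
```

Store the bytes returned by sanitizeGif() rather than the uploaded file, so that only re-encoded pixel data reaches disk.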