Well, to begin with, that guy's issue is that he didn't secure "recordID" (the 1).
Our queries are all secured against that, so to begin with he can't find the info like he did in the video.
And then that guy's second issue is that he badly secured the upload. If he had used a proper file size check via getimagesize(), he would have prevented the tampered data.
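The two checks this post refers to, sketched as an added example (not the poster's code, nor the code from the video): an integer-only, parameter-bound recordID lookup and an upload handler that combines a size cap with getimagesize(). The `records` table, its columns, the 2 MiB limit and the function names are assumptions made for illustration.

```php
<?php
// Added illustration. The `records` table, its columns and the paths are hypothetical.

// recordID: accept only decimal digits, then bind the value as an integer parameter.
function fetchRecord(PDO $pdo, string $rawId): ?array
{
    if (!ctype_digit($rawId)) {
        return null; // rejects "", "-1", "1'" and "1 OR 1=1" before any SQL runs
    }
    $stmt = $pdo->prepare('SELECT id, title FROM records WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Upload: size cap, getimagesize() type check, server-chosen name and extension.
function storeUploadedImage(array $file, string $destDir): ?string
{
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || filesize($file['tmp_name']) > 2 * 1024 * 1024) {
        return null;
    }
    // getimagesize() returns false when the file is not a parseable image;
    // index 2 holds the detected IMAGETYPE_* constant.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    // The client-supplied name and extension are never used.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $dest = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

// Constructed demo data for fetchRecord(), using an in-memory SQLite database.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO records (id, title) VALUES (1, 'first'), (2, 'second')");
    var_dump(fetchRecord($pdo, '1'));         // well-formed id
    var_dump(fetchRecord($pdo, '1 OR 1=1'));  // non-numeric input
}
```

`storeUploadedImage()` expects one entry of `$_FILES` and a destination directory; storing uploads outside the web root or in a directory where script execution is disabled is a deployment choice this sketch does not cover.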