Quote:
Originally Posted by Skipdawg
Awesome! It's just amazing what all hackers can do sometimes.
If you allow .rar, .zip, .tar, or basically any archive to be uploaded to your site, someone can upload malicious PHP code.
i.e.
bleh.php.zip or
bleh.php.rar (these files have nothing bad, just ask for a name, and then they say hello).
But as you can see, the extension is .php.zip; if it were changed to just .zip, the code won't execute.
So it's best to rename the file that is being uploaded, and possibly scan the file for coding...
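
One way to do the renaming and scanning suggested in the post above, as an added example that is not part of the original post. The function names, the allow-list and the sample file are assumptions made for illustration; the stored name keeps only the final extension, so the ".php" in "bleh.php.zip" never reaches the filesystem.

```php
<?php
// Added example: ALLOWED_ARCHIVE_EXT, stored_upload_name() and
// looks_like_php() are hypothetical names, not from any forum software.

const ALLOWED_ARCHIVE_EXT = ['zip', 'rar', 'tar'];

/**
 * Build the name the upload is stored under. Only the final extension of the
 * client-supplied name is kept, so "bleh.php.zip" loses its ".php" part.
 * Returns null when the final extension is not an allowed archive type.
 */
function stored_upload_name(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_ARCHIVE_EXT, true)) {
        return null;
    }
    // Random base name: nothing the uploader typed is used on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Coarse content check: true if the raw bytes contain a PHP open tag.
 * Compressed archive members are not visible to this check.
 */
function looks_like_php(string $path, int $maxBytes = 1048576): bool
{
    $data = file_get_contents($path, false, null, 0, $maxBytes);
    if ($data === false) {
        return true; // unreadable file: treat as suspicious
    }
    return stripos($data, '<?php') !== false || strpos($data, '<?=') !== false;
}

// Constructed sample input so the script runs offline: a harmless
// "ask for a name, say hello" file like the ones the post describes.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "<?php echo 'hello ' . \$_GET['name']; ?>");

foreach (['bleh.php.zip', 'bleh.php.rar', 'notes.tar', 'bleh.zip.php'] as $name) {
    $stored = stored_upload_name($name);
    printf("%-14s -> %s\n", $name, $stored ?? 'rejected');
}
printf("PHP open tag found in sample: %s\n", looks_like_php($tmp) ? 'yes' : 'no');
unlink($tmp);
```

The raw-byte scan is only a coarse filter, since code inside a compressed archive member will not match; the rename is the control that keeps the upload from being treated as a script.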