This site uses cookies and similar technologies.

If you don't change browser settings, you agree to it.

I understand
101 Posts
4 months ago

Hi, I try to upload a non image file using upload image field by renaming the file extension to jpg. 

First, I renamed the file.php to file.jpg, and seblod refuse to upload it. It returned  error : Warning: File xxx not uploaded for security reasons! This is OK.

But when I tried to upload .exe file .msi, and .zip (I changed these files extension to .jpg before upload it), and suprisingly seblod accept it and generate a black image, including all thumbnails. 

My questions, is this something normal or something need to worry about? Is there any security potential by allowing inappropriate files upload by just renaming the extension?


Get a VIP membership