I've created a multiple file upload tool using PHP. It's in testing stages at the moment, but I'm just wanting to know what I should look out for, just in case I've missed anything.
Below is a list of what I've covered already:
check if the size of the file is not greater than MAX_FILE_SIZE
check if the size of the file is not zero, e.g. no file selected
check the file MIME type
check if getimagesize() returns true or false
check if move_uploaded_file() returns true or false
I'm wanting to make my file upload tool bulletproof and am looking for some suggestions to achieve this for an upload tool.
Are there any other things I should look out for, etc.?
I will not be posting my code, as I've put a lot of work into coding this script and I don't want somebody coming along, taking it and saying "hey look what I created".
My script supports multiple file uploads and supports GIF, PNG, JPG file types.
Also, what about this vulnerability?
telnet example.com 80
POST /your_form.php HTTP/1.1
INSERT FAVORITE TROJAN WORM HERE
How do I overcome this?
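As an added example (not the poster's script, which is not shown), here is a hardened multi-file image upload handler that applies the five checks listed in the question and adds the ones a reviewer would usually ask for: ignoring the client-supplied type and sniffing the MIME type from the file bytes, verifying the file really came in via HTTP POST with is_uploaded_file(), generating a random server-side filename with an extension taken from an allowlist, storing outside the web root, and re-encoding the image through GD so that only pixel data survives. The field name images, the directory /var/www/private_uploads and the 2 MiB cap are assumptions chosen for the example; PHP 8 is assumed for match().

```php
<?php
// Added example, not the original poster's code. Assumptions (hypothetical):
// the form posts <input type="file" name="images[]" multiple>, and UPLOAD_DIR
// is a directory outside the document root that the web server can write to.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/private_uploads';  // assumption: never served directly
const MAX_BYTES  = 2 * 1024 * 1024;             // server-side cap, 2 MiB

// Allowed types keyed by the MIME type detected from CONTENT (libmagic),
// never by $_FILES[...]['type'] or the user's filename extension.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one uploaded file. Returns the detected MIME type on success,
 * throws InvalidArgumentException on any failure.
 * $file has the keys tmp_name, error, size (one entry of $_FILES['images']).
 */
function validateImage(array $file): string
{
    // 1. PHP's own error code covers "no file selected" (UPLOAD_ERR_NO_FILE),
    //    partial uploads, and the php.ini size limits.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new InvalidArgumentException('upload error code ' . $file['error']);
    }
    // 2. Zero-byte and oversize checks. The form's MAX_FILE_SIZE is only a
    //    hint to the browser; the request body itself is attacker-controlled.
    if ($file['size'] === 0) {
        throw new InvalidArgumentException('empty file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new InvalidArgumentException('file too large');
    }
    // 3. Must be a file PHP received via HTTP POST, not some other path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new InvalidArgumentException('not an uploaded file');
    }
    // 4. MIME type sniffed from the bytes; the client-supplied type is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new InvalidArgumentException('disallowed type ' . var_export($mime, true));
    }
    // 5. getimagesize() must parse the header and agree with libmagic.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new InvalidArgumentException('not a valid image');
    }
    return $mime;
}

/**
 * Decode the image with GD and write a fresh copy under a random name.
 * Re-encoding drops anything that is not pixel data (metadata, trailing bytes),
 * and the extension comes from the allowlist, not from the user.
 */
function storeImage(string $tmpName, string $mime): string
{
    $src = match ($mime) {
        'image/jpeg' => imagecreatefromjpeg($tmpName),
        'image/png'  => imagecreatefrompng($tmpName),
        'image/gif'  => imagecreatefromgif($tmpName),
    };
    if ($src === false) {
        throw new RuntimeException('decode failed');
    }
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($src, $dest, 90),
        'image/png'  => imagepng($src, $dest),
        'image/gif'  => imagegif($src, $dest),
    };
    imagedestroy($src);
    if (!$ok) {
        throw new RuntimeException('write failed');
    }
    return $name;  // the original temp file is discarded by PHP at request end
}

// Handle the multi-file form: $_FILES['images'] is an array of parallel arrays.
$results = [];
if (isset($_FILES['images']['tmp_name']) && is_array($_FILES['images']['tmp_name'])) {
    foreach ($_FILES['images']['tmp_name'] as $i => $tmp) {
        $file = [
            'tmp_name' => $tmp,
            'error'    => $_FILES['images']['error'][$i],
            'size'     => $_FILES['images']['size'][$i],
        ];
        try {
            $mime      = validateImage($file);
            $results[] = 'stored as ' . storeImage($tmp, $mime);
        } catch (InvalidArgumentException | RuntimeException $e) {
            $results[] = 'rejected: ' . $e->getMessage();  // log server-side in production
        }
    }
}
header('Content-Type: text/plain');
echo implode("\n", $results), "\n";
```

The raw telnet POST in the question is just an HTTP request, so it reaches this same handler and goes through the same checks as a browser upload; nothing about the transport matters. The two controls that matter most for that case are that the saved file is written outside the web root (so the server never executes it even if something slips past the checks) and that the content is re-encoded rather than copied with move_uploaded_file(). Trade-off to be aware of: re-encoding through GD flattens animated GIFs to one frame and re-compresses JPEGs, so if the originals must be preserved, keep the validation and the out-of-webroot random-named storage but use move_uploaded_file() in place of storeImage().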