Need urgent help.
A hacker is uploading a PHP file through the image upload option and hacking my website.
Anyone can register on my website and upload their profile picture. This guy is somehow uploading a PHP file through this option. From that file he is able to access all files and upload different malicious files to the server.
I have browser-side and server-side validations but am still not able to figure out how he is uploading it.
My upload script changes the image file name automatically before uploading to the server.
For example:
if you upload sample.jpg it will be converted to esd2238982.jpg (system-generated name). This guy is converting it to esd2238982.php
Please help me to trace this problem. I can't stop him from accessing the website; instead I want to make the necessary coding changes.
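A server-side handler for the situation described above, as an added example that is not the poster's script: it never takes the stored extension from the client, checks the content type from the file bytes, and re-encodes the image so the saved file is always a server-named `.jpg`. The function name, the `avatar` form field, the destination path, the size limit and the use of the GD extension are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed limits; adjust to the site's needs.
const MAX_BYTES    = 2 * 1024 * 1024;
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Validate an entry of $_FILES and store it as a re-encoded JPEG.
 * Returns the server-generated file name. Hypothetical helper.
 */
function store_profile_image(array $file, string $destDir): string
{
    // Only accept files PHP itself received in this request.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Detect the type from the bytes; $file['type'] and $file['name']
    // are client-supplied and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        throw new RuntimeException('not an allowed image type');
    }

    // Decode and re-encode with GD: a file that is not a real image
    // fails here, and trailing or embedded non-image data is dropped.
    $img = @imagecreatefromstring((string) file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // The name and the extension are both chosen by the server.
    $name = 'esd' . bin2hex(random_bytes(8)) . '.jpg';
    if (!imagejpeg($img, rtrim($destDir, '/') . '/' . $name, 85)) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}

// Usage (field name and path are placeholders):
// $stored = store_profile_image($_FILES['avatar'], '/var/www/uploads/avatars');
```

Independently of the handler, the upload directory should be configured so the web server does not execute PHP from it, or placed outside the web root and served through a script.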