> I mean, if you already specified it as a PNG image with header(), how
> do you execute Javascript/malicious code, as the browser will render
> it as a PNG?
Malicious code can still be embedded in images. The vulnerabilities ISTR
are in Windows image handling libraries. I assume they've been fixed now
though because it was some time ago. But that doesn't mean to say more
won't be found.
--
Richard Heyes
+----------------------------------------+
| Access SSH with a Windows mapped drive |
|
http://www.phpguru.org/sftpdrive |
+----------------------------------------+