Having watched Laracon EU, I realized that I need to validate the content of the image. I currently use ClamAV, but somehow it does not detect RCE injection tools in an image.
RCE injection tools — https://github.com/ambionics/phpggc
When I use the RCE tools, I found that there are specific strings injected into the file, like __HALT_COMPILER, phar, $_GET, etc.
So I came up with a simple solution using only preg_match, which checks for any malicious string inside the files.
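The rule's code does not appear on this page. The following is an added sketch, not the author's code, of what such a rule could look like, assuming Laravel 10 or later (the `ValidationRule` interface). The pattern list holds only the three strings named above, and the error messages are illustrative.

```php
<?php

namespace App\Rules;

use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Http\UploadedFile;

class ImageMaliciousDetectionRule implements ValidationRule
{
    // Strings the post reports finding in files produced by the RCE tool.
    // Short patterns such as "phar" can occasionally match random bytes in
    // compressed image data, so expect a small false-positive rate.
    private const PATTERNS = [
        '/__HALT_COMPILER/i',
        '/phar/i',
        '/\$_GET/',
    ];

    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        // Reject anything that is not a completed upload.
        if (! $value instanceof UploadedFile || ! $value->isValid()) {
            $fail('The :attribute must be a successfully uploaded file.');
            return;
        }

        // Scan the raw bytes; pair this rule with a size limit so the
        // whole file fits comfortably in memory.
        $contents = file_get_contents($value->getRealPath());
        if ($contents === false) {
            $fail('The :attribute could not be read.');
            return;
        }

        foreach (self::PATTERNS as $pattern) {
            $result = preg_match($pattern, $contents);
            // preg_match() returns false on a PCRE error; fail closed
            // instead of treating an unscanned file as clean.
            if ($result === 1 || $result === false) {
                $fail('The :attribute contains disallowed content.');
                return;
            }
        }
    }
}
```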
For usage, just put it in the validation rules array:
'image' => ['required', new ImageMaliciousDetectionRule]
That’s it. Hope it helps 😁