
Hacking upload scripts

Thursday, September 18th, 2008

The 1×1 JPEG hack goes something like this:

Many file upload forms rely on server-side code that checks the MIME type and the filename or extension to decide whether a file is bona fide. Both of these attributes are supplied by the client (the browser or whatever tool the attacker is using), so they can be forged at will. An attacker can take a 1×1 pixel JPEG, send it with a fake MIME type such as image/jpeg, and give it a name such as hack.jpg.php. A check that only looks for ".jpg" somewhere in the name, together with a check on the declared MIME type, will let this file through. If the upload script then stores it under a name ending in .php, or any other extension the web server will execute, all sorts of mayhem can occur.

To protect against this, whitelist a single extension anchored to the end of the filename and compare the declared MIME type exactly, using a regular expression of the form:

$source      = $_FILES['file1']['tmp_name'];
$source_name = $_FILES['file1']['name'];
$source_type = $_FILES['file1']['type'];

// The extension pattern is anchored to the end of the name (\.png$), so
// "hack.png.php" is rejected, and the declared MIME type must match exactly.
// eregi() was removed in PHP 7; preg_match() with the /i modifier is the
// equivalent.
if (($source != "none") && ($source != "")
    && preg_match('/\.png$/i', $source_name)
    && preg_match('/^image\/png$|^image\/x-png$/i', $source_type)) {
    // allow the file
} else {
    // this is an invalid file
}

This example, written in PHP, tightens both checks: the extension must be the last part of the filename, and the MIME type must match one of two exact values. Keep in mind that $_FILES['type'] is still whatever the client declared, so the MIME comparison only stops a careless attacker; the real protection comes from the strict extension whitelist, from inspecting the file content, and from never letting the web server execute anything in the upload directory.
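As an added example (not code from the original post), here is the naive check that the 1×1 JPEG trick defeats, beside a hardened validator that whitelists only the final extension, verifies the bytes with getimagesize(), ignores the client-declared type, and writes the file under a server-chosen random name. The form field name "file1" and the upload directory are assumptions.

```php
<?php
// Added example, not from the original post. Assumes the form field is "file1"
// and $uploadDir is a directory outside the web root (both hypothetical).

// VULNERABLE: a substring test for ".jpg" accepts "hack.jpg.php", and the
// client-supplied MIME type can be set to anything by the attacker.
function naiveCheck(string $name, string $clientType): bool
{
    return strpos($name, '.jpg') !== false && $clientType === 'image/jpeg';
}

// HARDENED: only the last extension counts, the content must really be an
// image of the type the extension claims, and the stored filename is random.
function validateUpload(array $file, string $uploadDir): ?string
{
    // Extension => image type constant getimagesize() must report.
    $allowed = [
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'png'  => IMAGETYPE_PNG,
    ];

    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null; // not an upload from this request
    }

    // pathinfo() returns the final extension: "hack.jpg.php" gives "php".
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }

    // Inspect the bytes, not $file['type']. A script renamed to .jpg fails here.
    // A polyglot (valid JPEG carrying PHP in a comment) would pass this step,
    // which is why the extension whitelist above is still essential.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== $allowed[$ext]) {
        return null;
    }

    // Server-chosen name: no attacker-controlled text reaches the filesystem.
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    return $target;
}

// Usage in the upload handler (assumed directory path):
// $saved = validateUpload($_FILES['file1'], '/var/uploads');
// if ($saved === null) { http_response_code(400); exit('invalid file'); }
```

Even with this check in place, the upload directory should not be able to execute scripts: keep it outside the document root and serve files through a script that sets the Content-Type, or, if it must sit under the web root on Apache with mod_php, disable the engine for that directory (php_flag engine off) so a file that slips through is only ever returned as data.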