I'm developing a webapp where the user can upload an image to the server. I want to ensure that the user uploads an image, and not anything else, like a reverse shell or something malicious. Therefore I cannot use the extensions since you can easily fake that.

    var dlg = new OpenFileDialog();
    //dlg.Filter = "";
    dlg.Multiselect = false;

    bool? openClicked = dlg.ShowDialog();
    if (openClicked == true)
    {
        Stream stream = dlg.File.OpenRead();

        BinaryReader binary = new BinaryReader(stream);

        // Determine filetype here.

        byte[] data = binary.ReadBytes((int) stream.Length);
    }

There must be a simple way to do this?

Tl;dr: How do I determine filetype to prevent a reverse shell?

  • According to [this answer](http://stackoverflow.com/questions/3312607/php-binary-image-data-checking-the-image-type) you can just check the bits at the start of the stream – CodingIntrigue Sep 18 '13 at 12:25

1 Answer

You need to apply file filters like this:

     OpenFileDialog dlg = new OpenFileDialog();
     dlg.Filter = "All files (*.*)|*.*|PNG Images (*.png)|*.png";
Sajeetharan
  • "Therefore I cannot use the extensions since you can easily fake that." The questioner is well aware that file extensions are not sufficient, however it seems that you are not. – Luke Woodward Sep 18 '13 at 20:58
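
The signature check suggested in the comment on the question, written out as an added example that is not part of the original thread. The names `ImageSniffer` and `DetectImageType` are hypothetical, and the sample byte arrays in `Main` are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

// Added example; ImageSniffer and DetectImageType are hypothetical names.
public static class ImageSniffer
{
    // Leading byte signatures ("magic numbers") of common image formats.
    private static readonly Dictionary<string, byte[][]> Signatures =
        new Dictionary<string, byte[][]>
    {
        { "png",  new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
        { "jpeg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { "gif",  new[] { Encoding.ASCII.GetBytes("GIF87a"), Encoding.ASCII.GetBytes("GIF89a") } },
        { "bmp",  new[] { Encoding.ASCII.GetBytes("BM") } },
    };

    // Returns "png", "jpeg", "gif" or "bmp", or null when no signature matches.
    public static string DetectImageType(Stream stream)
    {
        var header = new byte[8];
        int read = 0, n;
        // Stream.Read may return fewer bytes than requested, so loop until full or EOF.
        while (read < header.Length &&
               (n = stream.Read(header, read, header.Length - read)) > 0)
            read += n;

        foreach (var entry in Signatures)
            foreach (var sig in entry.Value)
                if (read >= sig.Length && header.Take(sig.Length).SequenceEqual(sig))
                    return entry.Key;
        return null; // unknown or truncated header: reject the upload
    }

    public static void Main()
    {
        // Constructed samples: a PNG header, and an executable header as it
        // would appear in a file renamed to "photo.png".
        var png = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00 };
        var renamedExe = new byte[] { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 };

        Console.WriteLine(DetectImageType(new MemoryStream(png)) ?? "rejected");        // png
        Console.WriteLine(DetectImageType(new MemoryStream(renamedExe)) ?? "rejected"); // rejected
    }
}
```

Run this on the server against the received bytes, since a check made in the client dialog can be bypassed. A matching signature only shows how the file starts, so decoding and re-encoding the image on the server is the stronger check.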