png, jpg bypass, for injection shell that can be used from rfi injection's

Hi, found a bug the message system, the place were you guys can had a image, supposelly, you can only had png, jpg, but well, i bypassed that with somefile.php.jpg
meaning the file can be used has an injection for php shells, in other website's.
example url:

Best regards
1 person has
this question
This topic is no longer open for comments or replies.