Home > PHP | ImageFight > PHP code in GIF image file

PHP code in GIF image file

Recently it was reported that picture files with PHP attack code buried inside them were discovered on a major hosting site.

PHP code for an RFI attack can be buried within GIF, PNG, JPEG, and other picture files.

PHP code in GIF image file (sample)

phpinfo.gif

phpinfo-gif-dump.png  

include.php

<h1>PHP/GIF include demo</h1>
<?php
include("./phpinfo.gif");
?>

Result

phpinfo-gif-include.png 
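
The following scanner is an added example, not code from the original post: it walks the block structure of a GIF and reports which block holds a PHP open tag, the kind of file the include() demo above executes. The sample GIF and all function names are constructed for illustration.

```python
import re

# "<?php" and "<?="; bare "<?" needs short_open_tag and matches random bytes too often.
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)

def _skip_sub_blocks(data, pos):
    """Step over GIF data sub-blocks (length byte + payload; a 0 length ends the chain)."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_regions(data):
    """Return [(start, end, name)] for each structural block of a GIF file."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    regions, pos = [(0, 13, "header")], 13
    if data[10] & 0x80:  # global color table present
        size = 3 * (2 << (data[10] & 7))
        regions.append((pos, pos + size, "global color table"))
        pos += size
    while pos < len(data):
        start, kind = pos, data[pos]
        if kind == 0x3B:  # trailer: an image decoder stops here, include() does not
            regions += [(start, start + 1, "trailer"), (start + 1, len(data), "data after trailer")]
            break
        if kind == 0x21:  # extension block; label 0xFE is a free-text comment
            name = "comment extension" if data[pos + 1] == 0xFE else "extension"
            pos = _skip_sub_blocks(data, pos + 2)
        elif kind == 0x2C:  # image descriptor, optional local color table, LZW data
            lct = 3 * (2 << (data[pos + 9] & 7)) if data[pos + 9] & 0x80 else 0
            pos = _skip_sub_blocks(data, pos + 10 + lct + 1)
            name = "image data"
        else:
            raise ValueError("unknown block type")
        regions.append((start, pos, name))
    return [r for r in regions if r[0] < r[1]]  # drop an empty "after trailer" region

def find_php(data):
    """Return [(offset, region)] for every PHP open tag in the file bytes."""
    try:
        regions = gif_regions(data)
    except (ValueError, IndexError):  # not a GIF, truncated, or malformed
        regions = [(0, len(data), "unparsed file")]
    return [(m.start(), next((n for s, e, n in regions if s <= m.start() < e), "unknown"))
            for m in PHP_TAG.finditer(data)]

# Constructed sample: a valid 1x1 GIF whose comment extension carries PHP source.
SAMPLE = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
          b"\x21\xfe\x13<?php phpinfo(); ?>\x00"
          b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00" b"\x3b")
```

The sample starts with a valid GIF89a header, so a check on the magic bytes alone accepts it; a hit inside "image data" can be a chance byte sequence and needs manual review.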

Comments:1

Sudhanshu 07-10-04 (Thu) 23:40

Hey, what is that BZ thingie??


Trackback+Pingback:1

TrackBack URL for this entry
http://wafful.org/2007/08/04/php-code-in-gif-image-file/trackback/
Listed below are links to weblogs that reference
PHP code in GIF image file from wafful.org - Web Security Blog
Trackback from My Program 07-10-08 (Mon) 14:17

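A cool way to detect the browser without a JavaScript program…

views: 369 times Normally, when we determine the client's browser, we use JavaScript to read the client browser's properties. How can this be done without JavaScript? It can be achieved with an HTML hack trick. This article http://wafful.org/~…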
