Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site.

The exploit code slipped through the site's defences with the aid of a legitimate image at the beginning of the file, according to a blog post on the Sans Institute's Internet Storm Center.

"It is a clever way to pass exploit code to others without it setting off alarms or attracting attention all while bypassing network security tools," the SANS security blog noted.

Malicious attackers planted PHP coded exploit script within an image file. PHP is often used as a programming language to create dynamic Web sites.

Once this type of malicious GIF is uploaded to a server, it can create havoc by remotely allowing more exploits to be deployed on the system, said Johannes Ullrich, chief research officer for the SANS Institute.

When users download the image to view it, the server parses the PHP code and the exploit is executed, as it serves the image to the user.

Over the past six months, this type of technique has been cropping up with greater frequency from small family Web sites to, more recently, a major image hosting site, Ullrich said.

Advertisement

Print feature brought to you by Hewlett Packard

Related links

Comments

1

umesh yadav - 04/07/07

Pleases tell me how can i upload image in a webpage. please tell php code. i have image(jpeg) in a folder. second thing please tell me how can i show some amount of any item of any image through php?

» Report offensive content

2

Ads - 24/09/07

How do you filter images such as gif with embedded code in it before uploading it in server?

» Report offensive content

3

Max - 22/10/07

umesh, please Shut up. You're an idiot.

» Report offensive content

4

manikanta - 10/11/07

policy means

» Report offensive content

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Latest comments

4

manikanta - 11/10/07

policy means ... more

3

Max - 22/10/07

umesh, please Shut up. You're an idiot. ... more

2

Ads - 24/09/07

How do you filter images such as gif with embedded code in it before uploading it in server? ... more

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Lana Kovacevic What's new in GWT 1.5?

    I recently wrote an introduction to the Google Web Toolkit based on Lars Rasmussen's session at the Google Developer Day 2008 in Sydney. Following the introductory session Lars gave us a deeper insight into GWT, particularly what's new in version 1.5. Read more »

    -- posted by Lana Kovacevic

  • Lana Kovacevic The Portal of the Future

    At this year's Gartner Application Development, Integration and Web Services Summit, I attended Gene Phifer talk: "Portal of the Future: What's Beyond Web 2.0?". Read more »

    -- posted by Lana Kovacevic

  • Staff Google's new foray into image search

    Google is developing visual crawling software that can be used for facial recognition and scene analysis. In addition images can be matched with display ads and utilise geotagging information for various applications. Read more »

    -- posted by Staff

What's on?

  • Club Builder: Sports, Gates and Gears

    This week on Club Builder: Steve Ballmer gives a teary goodbye to Bill Gates, Mark Taylor moves into IT endorsements and we ask some Google Gears questions.