PHP exploit code plants itself in GIF

Security researchers find PHP exploit code embedded in a GIF on a major image hosting site.

by Dawn Kawamoto June 20, 2007 9:07 AM PDT

Security researchers on Tuesday found PHP exploit code embedded in a GIF on a major image hosting site. The exploit code slipped through the proverbial gates with the aid of a legitimate image at the beginning of the file, according to a posting on the Sans Internet Storm Center.

"It is a clever way to pass exploit code to others without it setting off alarms or attracting attention all while bypassing network security tools," the Sans security blog noted.

Malicious attackers planted PHP coded exploit script within an image file. PHP is often used as a programming language to create dynamic Web sites.

Once this type of malicious GIF is uploaded to a server, it can create havoc by remotely allowing more exploits to be deployed on the system, said Johannes Ullrich, chief research officer for the Sans Institute.

When users download the image to view it, the server parses the PHP code and the exploit is executed, as it serves the image to the user.

Over the past six months, this type of technique has been cropping up with greater frequency--from small family Web sites to, more recently, a major image hosting site, Ullrich said.

Don't Miss

How Facebook's Zucked-up IPO just killed the tech bubble
Internet & Media
Is NFC killing Google Wallet?
Mobile
Top-rated reviews of the week
Slideshow
iPad case with a secret identity
Review

CNET Conversations

Driving into the future at VW's Electronics Research Lab

CNET editor at large Brian Cooley goes behind the scenes with Peter Oel, director of Volkswagen Electronics Research Lab, to show you how Silicon Valley is changing the way we drive, from the latest in infotainment systems to new 3D technologies being used for design.

Play Video

PHP exploit code plants itself in GIF

Don't Miss

Featured Posts

Most Popular

About News Blogs

RSS

my Yahoo

Google

MSN

CNET Mobile Apps