|
|
|
#1
01-08-2008, 19:24
|
||
|
PHP embedded in GIF files
There is a security flaw in GIF files that allows a PHP program to be inserted into the GIF file. The way this works is the file has the proper GIF89 headers to make it a valid file (thus not caught by a PHP upload script), but yet the PHP code is embedded. A hacker can use it to find out passwords, etc, since the .php code would run as the webhost.
I never knew this was possible until I read about it when someone tried it on our server. This site has what you can do about it... http://www.phpclasses.org/blog/post...GIF-images.html |
|
|
|
|
|
#2
01-09-2008, 12:20
|
||
|
I saw many times that when I loaded a page (page.php) I was redirected to a 1px gif page. What that the "hackers" pages? If so, how could I protect myself from this kind of hack?
 |
|
|
|
|
|
|
#3
01-09-2008, 19:10
|
||
|
It's hard to say from your description what their intent was. It could be anything from a cookie reader, a wrong redirect, a page tracker, or a legitimate purpose. Not sure what you could do to avoid those, except to only go to trusted sites, which I know is not the most practical of advice in the real world.
|
|
|
|
|
|
 |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| What is PHP, Here i will tell you what is PHP | booster20002005 | Programming | 1 | 08-20-2007 04:04 |
| 80 cheap Script for sale | teampower | Content | 0 | 06-29-2007 02:08 |
| Free Host-Domain-Pop3Mails | ceberus | Free Web Hosting Discussions And Reviews | 1 | 06-15-2007 07:10 |
| PHP Designer 2005 | Positive | Other Free Resources | 1 | 08-30-2005 01:13 |
| How To : Improve Your PHP Programming | admans | Website Design Forum | 0 | 07-17-2005 07:58 |
Linear Mode
