PHP Exploit Code in a GIF

Discussion in 'NOD32 version 2 Forum' started by Lonewolfie, Jun 24, 2007.

Thread Status:
Not open for further replies.
  1. Lonewolfie

    Lonewolfie Registered Member

    Joined:
    May 3, 2006
    Posts:
    1
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Non viral links are fine.

    Cheers :D
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    That type of exploit is used against webservers, not against end-user PCs. It's a fairly trivial exploit that might allow a person to upload a piece of PHP code (PHP is a programming language used for writing web applications like forums, blogs and such) to run on a webserver, and perhaps take over some part or parts of that webserver given the right circumstances. But, it is not a file infector or trojan that effects Windows PCs.

    Essentially, it's simply text in a specific format that is put inside a GIF image file, and it can only "run" if the machine its put on is running a webserver that has PHP installed on it, which is also configured to allow PHP code to be run in such a context. (Frankly, it's a low priority, non-issue exploit, that a basic "webserver 101" configuration should never allow to be exploited.)
     
Thread Status:
Not open for further replies.