PHP Exploit Code in a GIF

Discussion in 'NOD32 version 2 Forum' started by Lonewolfie, Jun 24, 2007.

Thread Status:
Not open for further replies.
  1. Lonewolfie

    Lonewolfie Registered Member

    Joined:
    May 3, 2006
    Posts:
    1
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Non viral links are fine.

    Cheers :D
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,133
    Location:
    New England
    That type of exploit is used against webservers, not against end-user PCs. It's a fairly trivial exploit that might allow a person to upload a piece of PHP code (PHP is a programming language used for writing web applications like forums, blogs and such) to run on a webserver, and perhaps take over some part or parts of that webserver given the right circumstances. But, it is not a file infector or trojan that effects Windows PCs.

    Essentially, it's simply text in a specific format that is put inside a GIF image file, and it can only "run" if the machine its put on is running a webserver that has PHP installed on it, which is also configured to allow PHP code to be run in such a context. (Frankly, it's a low priority, non-issue exploit, that a basic "webserver 101" configuration should never allow to be exploited.)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.