http://www.techworld.com/security/news/index.cfm?newsID=9240
By Matthew Broersma
Techworld
21 June 2007
Hackers have begun circulating a PHP exploit embedding it in a seemingly
harmless GIF image, according to security researchers.
The exploit was discovered in at least one GIF on a major image-hosting
website, according to a bulletin [1] from the SANS Institute's Internet
Storm Center (ISC) on Tuesday.
"It's interesting and scary to find a file that acts like a regular GIF
file, but contains a script exploit," said SANS ISC handler Lorna
Hutcheson in the bulletin.
The exploit, coded in PHP script, could be a dangerous new development,
Hutcheson said.
"Interestingly enough, the file itself contains a completely legitimate
1x1 gif image at the beginning of the file," she wrote. "It is a clever
way to pass exploit code to others without it setting off alarms or
attracting attention all while bypassing network security tools."
She also suggested the technique could be used to create a Remote File
Inclusion attack, an attack that lets hackers run their own malicious
code on an otherwise harmless website.
[1] http://isc2.sans.org/diary.html?storyid=2997
Received on Fri Jun 22 02:02:53 2007