1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Executable PHP in a GIF image

Discussion in 'PHP & Perl' started by On_The_Edge, Dec 10, 2007.

  1. On_The_Edge

    On_The_Edge Newbie

    Joined:
    Nov 16, 2007
    Messages:
    23
    Likes Received:
    1
    Ok, I'll ask the first coding question.

    Is it possible to place an executable PHP script,within the middle of a GIF image? Is it possible to still have the file appear as an image to a server without detecting the php? I though I read about this action somewhere earlier this year.
     
  2. Pryda

    Pryda Registered Member

    Joined:
    Sep 9, 2007
    Messages:
    95
    Likes Received:
    35
    Afaik, it's impossible. The server only executes PHP scripts when the extension is defined as PHP script. So for this, GIF has to be defined as PHP script. But then it still won't be able to handle a PHP script in the middle of a GIF image, because GIF is binary and PHP isn't.

    It is possible to create a PHP script that outputs a GIF image, but that's not what you want, is it? :)
     
  3. nova

    nova BANNED BANNED

    Joined:
    Jul 23, 2007
    Messages:
    256
    Likes Received:
    41
    This is used in those invisible 1x1 pixel tracking. So your code is

    HTML:
    <img src="http://www.site.com/script.php"></img>
    Your script then records all the referer, ip, and any other info you want and saves it to a database and streams a 1x1 pixel transparent gif.

    If you want to execute code on the users machine through an image tag then you should be learning about xss expliots.





    http://tubeautomator.com/squeeze.php​
     
  4. On_The_Edge

    On_The_Edge Newbie

    Joined:
    Nov 16, 2007
    Messages:
    23
    Likes Received:
    1
    Thanx for the valuable information. Thought this might have worked for a project I have been considering.

    "If you want to execute code on the users machine through an image tag then you should be learning about xss expliots." I plan to look into this further because this sounds like possibly more what I need.
     
  5. xXKingdom_SEOXx

    xXKingdom_SEOXx BANNED BANNED

    Joined:
    Nov 1, 2007
    Messages:
    646
    Likes Received:
    51
    nova your software is great! you are doing big things my friend.
     
  6. nova

    nova BANNED BANNED

    Joined:
    Jul 23, 2007
    Messages:
    256
    Likes Received:
    41


    Thanks dude :)



    http://tubeautomator.com/squeeze.php​
     
  7. aaappp3

    aaappp3 Newbie

    Joined:
    Dec 14, 2007
    Messages:
    34
    Likes Received:
    11
    PHP is a server side language so it gets executed on the server, not on the user's machine. You can link to a PHP script disguised as an image using modrewrite, for example:

    <img src="image.gif">

    Use modrewrite to rewrite this to "script.php". The script then does whatever you want it to do (on the server, not on the user's machine) and then outputs an image which gets displayed on the user's machine. The only use for this, as far as I can see, is to prevent anyone knowing you're using an image tag to link to a PHP script. I don't think that's what you were after though, I only posted this because the forum is so empty and somebody might find the above info useful...
     
    • Thanks Thanks x 1
  8. anonymous

    anonymous Newbie

    Joined:
    Dec 17, 2007
    Messages:
    32
    Likes Received:
    0
    Occupation:
    Slave Trader
    i dont know whether it is patched now
    but one year ago what you are saying was possible, watch it
    milw0rm.com/video/watch.php?id=57
     
  9. JohnDoe

    JohnDoe Junior Member

    Joined:
    Dec 28, 2007
    Messages:
    159
    Likes Received:
    21
    it can be done in a folder create a custom .htaccess file and then add the following
    This is adding a custom mime header that tell how the file is run and makes a PNG file be run through the php binary

    AddType application/x-httpd-php .PNG

    This is how people create the dynamic php signatures that show your ip address and such,
     
  10. JohnDoe

    JohnDoe Junior Member

    Joined:
    Dec 28, 2007
    Messages:
    159
    Likes Received:
    21
    Here is a file called sig.png that I use and it displays a image and a random quote

    PHP:
    <?php 
    function ImageStringWrap($image$font$x$y$text$color$maxwidth

       
    $fontwidth ImageFontWidth($font); 
       
    $fontheight ImageFontHeight($font); 

       if (
    $maxwidth != NULL) { 
           
    $maxcharsperline floor($maxwidth $fontwidth); 
           
    $text wordwrap($text$maxcharsperline"\n"1); 
         } 

       
    $lines explode("\n"$text); 
       while (list(
    $numl$line) = each($lines)) { 
           
    ImageString($image$font$x$y$line$color); 
           
    $y += $fontheight
         } 

    // 
    header("Content-type: image/png"); 
    $h_array file("homer.txt"); 
    srand((double) microtime() * 10000000); 
    $h array_rand($h_array); 
         
    // Calculate vertical position//put your image name here (must be a png) 
    $im imagecreatefrompng("homer.PNG"); 
    //change your text color here ( must be the hex value) ex. 255,255,255 would be white 
    $color imagecolorallocate($im255255255); 

    //change your X & y coordinates here to place the text on your image where you want it 
    //(these will center the text on a 400x100 image) 
    $px=80
    $py=50

    //no need to touch this unless you know what your doing 

    ImageStringWrap($im3$px$pyrtrim($h_array[$h]), $color550 ); 

    imagepng($im); 
    imagedestroy($im); 

    ?>

     
  11. binaryjesus

    binaryjesus Newbie

    Joined:
    Feb 25, 2008
    Messages:
    5
    Likes Received:
    0
    there was a gif php injection attck a while back.....
    but i dont think it will work anymore ! :1244:
     
  12. nme

    nme Junior Member

    Joined:
    Jan 17, 2008
    Messages:
    124
    Likes Received:
    36
    With jpeg's in the exif metadata field. The gif file format doesn't have that.
     
  13. pussyback

    pussyback Regular Member

    Joined:
    Apr 5, 2008
    Messages:
    402
    Likes Received:
    79
    cool stuff thanks every one
     
  14. BadHacker

    BadHacker Newbie

    Joined:
    Sep 23, 2007
    Messages:
    24
    Likes Received:
    1
    it is possible to hide a php shell backdoor script inside an image file with a little bit of editing.
    the best workaround is to have all image files in the same directory and disable php from processing files inside the image folder.
     
  15. lowridertj

    lowridertj Newbie Premium Member

    Joined:
    Apr 13, 2008
    Messages:
    45
    Likes Received:
    24
    Hate to burst some bubbles


    but make a php file.

    Code in it.

    <?php

    echo"hello";
    ?>

    now name it something.php

    Add .jpg

    something.php.jpg

    The server will infact execute it as php script. try it yourself.

    TJ
     
  16. boomboomer

    boomboomer Executive VIP

    Joined:
    Feb 7, 2008
    Messages:
    705
    Likes Received:
    865
    Nope .. Tried it. IE simply prints the code from the file and FF prints the URL of the file ..
     
  17. jaeden

    jaeden BANNED BANNED

    Joined:
    Jun 3, 2008
    Messages:
    232
    Likes Received:
    28
    to get php to execute that file you would have to get a script to call it with something like
    Code:
    include()
    . at that point the extension doesn't matter. I'm guessing what the orig poster is getting at is he wants to execute code on someone's machine when they view an image on a site. This is possible against unpatched machine via a GDI exploit but good luck finding machines to infect.

    Also, it would never be php code you would be embedding in an image. it would be some sort of client side scripting. Im not sure if it's still possible i recall visiting images before that execute vb script.

    If your intention is to upload a php script named as a gif to a server in order to gain access to the server, you would want to try to do something like manipulate the value of a variable called in an include(). so like...
    lets say its a forum and you rename yourscript.php to yourscript.gif then upload it to the forum as your avatar or an attachment.. you would then want to look for something in the forum code like
    Code:
    include($file)
    ; then try to alter the value of $file via the browser to point to yourscript.gif.

    Note: there are some pretty neat PHP trojans out there that you can use to intrude upon any server that you can get the things uploaded to. A popular one is called c99.
     
  18. blackknyt

    blackknyt Newbie

    Joined:
    Mar 9, 2008
    Messages:
    12
    Likes Received:
    0
    Yes it is possible dont hae the time to code it right now but heres a hint of what I did last time I did it.

    -Use htaccess to interprate that particular file as a php script i.e. first.gif is actually just a php file with gif as an extension.
    -Execute your php script careful not to echo or print anything to the browser
    -Finally open you gif with your php file i.e. first.gif opens real.gif and print the correct stuff to the browser.
     
  19. «ó«ô»ò» Lurk «ó«ô»ò»

    «ó«ô»ò» Lurk «ó«ô»ò» Newbie

    Joined:
    May 16, 2008
    Messages:
    33
    Likes Received:
    6
    Occupation:
    Black hatter
    Location:
    TRS-80 Level II BASIC
    Home Page:
    LOL!

    "I have a truly marvellous proof of this proposition which this margin is too narrow to contain."
    ~Pierre de Fermat
     
  20. goawayplease

    goawayplease Regular Member

    Joined:
    Apr 10, 2008
    Messages:
    299
    Likes Received:
    67
    GD and ImageMagick are fun libraries, but sample code is always more fun Gen :cool: