PHP Image Exploit
An exploit has been discovered that lets malicious users upload valid PHP code disguised as image files. Websites vulnerable to this attack are those that accept image uploads. Although this kind of exploit is not exactly new, I am afraid some sites are still vulnerable due to the bad security practices of their developers. Basically, uploaded files are moved to a given directory. If the site then serves the uploaded images directly from its server, the malicious file can be executed via its URL.
The basic solution to avoid this problem is either to serve only files that have actual image file extensions (.gif, .png, .jpeg), or to protect the upload directory so that direct requests to where the images are located are refused.
Depending on your PHP setup, it may or may not be easy to protect your uploaded images directory. In Apache it can be done using a .htaccess file placed inside that directory, with lines like this:
<Files "*">
deny from all
</Files>
Alternatively, you can use PHP functions such as readfile to serve image files as images, and so avoid triggering the execution of PHP scripts embedded in image files.
$file = 'image.gif.php'; // uploaded file that carries PHP code
header('Content-Type: image/gif');
// readfile() only copies the file's bytes to the output; nothing in it is executed
readfile('images/' . basename($file));
Note the use of the basename function to avoid injection of malicious paths. This way, only files from inside the images directory will be served, even if the original file name was forged to steal sensitive server files like /etc/passwd.
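The two fixes above can be combined into one serving script. This is an added example, not code from the original post: UPLOAD_DIR, IMAGE_TYPES, the function names and the "file" query parameter are assumptions, and it expects the upload directory itself to refuse direct requests.

```php
<?php
// Added example: serve uploads through readfile() with an extension allowlist.
// UPLOAD_DIR, IMAGE_TYPES and the function names are assumptions for illustration.
const UPLOAD_DIR = __DIR__ . '/images';
const IMAGE_TYPES = ['gif' => 'image/gif', 'png' => 'image/png',
                     'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];

// Returns [path, mime] when the request names a real image, otherwise null.
function resolve_image(string $requested): ?array
{
    $name = basename($requested);                 // drops any ../ or absolute path
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(IMAGE_TYPES[$ext])) {              // image.gif.php ends in "php": refused
        return null;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        return null;
    }
    // The content must agree with the extension, so a renamed script is refused too.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($detected !== IMAGE_TYPES[$ext]) {
        return null;
    }
    return [$path, $detected];
}

function serve_image(string $requested): void
{
    $image = resolve_image($requested);
    if ($image === null) {
        http_response_code(404);
        return;
    }
    [$path, $mime] = $image;
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');    // browser must not re-guess the type
    header('Content-Length: ' . filesize($path));
    readfile($path);                              // bytes are sent, never interpreted
}

$requested = $_GET['file'] ?? '';
serve_image(is_string($requested) ? $requested : '');
```

A valid GIF that also carries PHP code still passes the content check, but it is only ever copied to the response by readfile, so the embedded code never runs.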
I am a Filipino Web Developer, focusing on PHP in the LAMP framework. As a kid, I spent a lot of my time exploring computers and computer games from Atari to PS, from INTEL 80286 - CoreDuo. I am happily married, with two kids. Currently working in Japan as an IT Engineer.