PHP漏洞代码可以自我植入GIF文件中-php手册-php.cn

Home

php教程

php手册

PHP漏洞代码可以自我植入GIF文件中

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 11:01 AM

gifphpcenterinternetcodeCandocumentloopholesofResearch Institute

根据SANS研究院互联网风暴中心(ISC)的一篇博客文章介绍，PHP漏洞代码在GIF文件开始部分合法图像的帮助下可以简单的逃过网站的防御。

SANS安全博客写到“这是传递漏洞代码到其它地方的一种精明的方法，通过旁路网络安全工具根本不会引发警报或引起注意。”

恶意攻击者可以将PHP漏洞代码植入一个图形文件中。PHP是经常用来开放动态网站的一种编程语言。

SANS研究院首席研究员Johannes Ullrich说到：“一旦这种类型的恶意GIF文件被上传到服务器后，通过远程在该系统上部署更多的漏洞代码可能会造成严重的破坏。”

当用户下载并浏览图片时，服务器解析PHP代码然后漏洞代码就会被执行。

Ullrich表示，在过去的六个月中，这种技术突然出现时主要发生在小型家庭网站上，最近更多的发生在大型图片库网站上。

【相关文章】

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

3 weeks agoByDDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks agoByDDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks agoByDDD

Hot Tools

SublimeText3 English version

Recommended: Win version, supports code prompts!

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.