可以将php shell注入图像吗？这将如何运作？ [英] Can a php shell be injected into an image? How would this work?

问题描述

我记得我看到过一个图像上传功能的漏洞，其中包括将恶意的php代码隐藏在tiff图像中。

I remember seeing an exploit for an image uploading function, which consisted of hiding malicious php code inside a tiff image.

我正在制作自己的图像上传脚本，并且我认为我必须保护自己免受这种可能性的影响。除了，我不知道它将如何工作。有谁知道隐藏在图像中的php shell如何执行自身？

I'm making my own image uploading script, and I assume I'll have to protect myself from this possibility. Except, that I have no idea how it would work. Does anyone know how a php shell hidden inside an image would execute itself? Would it need to be loaded in a certain way?

谢谢。

推荐答案

重新编码图像不会阻止某人上载Shell。唯一防止这种情况的方法是重新编码并扫描图像中是否存在php标签。

Re encoding the image will not stop someone from uploading a shell. The only sure way to prevent it is to re-encode and scan the image for the presence of php tags.

例如可以重新编码的PHP PNG shell

这篇关于可以将php shell注入图像吗？这将如何运作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！