可以将php shell注入图像吗?这将如何运作? [英] Can a php shell be injected into an image? How would this work?
问题描述
我记得我看到过一个图像上传功能的漏洞,其中包括将恶意的php代码隐藏在tiff图像中。
I remember seeing an exploit for an image uploading function, which consisted of hiding malicious php code inside a tiff image.
我正在制作自己的图像上传脚本,并且我认为我必须保护自己免受这种可能性的影响。除了,我不知道它将如何工作。有谁知道隐藏在图像中的php shell如何执行自身?
I'm making my own image uploading script, and I assume I'll have to protect myself from this possibility. Except, that I have no idea how it would work. Does anyone know how a php shell hidden inside an image would execute itself? Would it need to be loaded in a certain way?
谢谢。
推荐答案
重新编码图像不会阻止某人上载Shell。唯一防止这种情况的方法是重新编码并扫描图像中是否存在php标签。
Re encoding the image will not stop someone from uploading a shell. The only sure way to prevent it is to re-encode and scan the image for the presence of php tags.
这篇关于可以将php shell注入图像吗?这将如何运作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!