Re: [tlug] Clamav reports a virus: Exploit.Gif.PHPembedded

["Hung Nguyen Vu" <vuhung16plus+shape@example.com>]

On Thu, Jun 5, 2008 at 6:10 PM, Edmund Edgar <lists@example.com> wrote:
> Change the name of your jpeg file from freebsd.jpg to freebsd.php, then go to:
> http://aoclife.ddo.jp/tmp/freebsd.php.
Oh Shit, he did it. But unfortunately, I couldn't rename it to .php.

> Of course, if the web application used to upload the jpeg is checking
> for what it should be (a .php extension) an attacker wouldn't usually
> be able to upload the file with the extension .php in the first place.
> As previously, they'd need to find another vulnerability somewhere to
> persuade the PHP program on the server to run the file.
The same approaches can be applied to PNG, GIF, JPEG, TIFF because
those formats allow comments.
And combining with some kind of encryption, they can hide the malicious code.

What is the name of exploits like this? MIME type? ask you mentioned
in the second email?


-- 
Best Regards,
Nguyen Hung Vu ( Nguyễn Vũ Hưng )
vuhung16plus{remove}@example.com , YIM: vuhung16
Japan through an eye of a gaijin:
http://www.flickr.com/photos/vuhung/tags/fav/