
Thread: Do images with embedded shells exist or are they theoretical constructs?

  1. #1
    Join Date
    Aug 2008
    Location
    Massachusetts
    Beans
    24
    Distro
    Ubuntu 8.04 Hardy Heron

    Do images with embedded shells exist or are they theoretical constructs?

    I'm looking to find a GIF file with an embedded backdoor. I've written some PHP code that uses GD and Imagick, and I need to make sure that any image that a user might upload has been sanitized before being moved to its permanent storage location.

    I *think* the code I have does what is necessary, but I need to be sure.

    I've seen references (PDF) to malformed GIFs with embedded shells, but I've never been able to actually *find* one. (Which is probably a good thing.) Do such things actually exist, or are they just theoretical constructs/proof of concept ideas?
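One way to do the sanitizing step described in post #1, as an added example that is not part of the original thread or the poster's code: decode the upload with GD and store only a fresh encode of the pixels. The function names `reencode_gif` and `store_gif`, the storage layout and the sample file are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
// In a real handler $srcPath is $_FILES[...]['tmp_name'] after is_uploaded_file().
function reencode_gif(string $srcPath): string
{
    // Trust the decoder's verdict, not the client-supplied name or MIME type.
    $info = @getimagesize($srcPath);
    if ($info === false || $info[2] !== IMAGETYPE_GIF) {
        throw new RuntimeException('not a GIF');
    }
    $img = @imagecreatefromgif($srcPath);   // GD decodes the first frame only
    if ($img === false) {
        throw new RuntimeException('GD could not decode the file');
    }
    ob_start();
    imagegif($img);                         // fresh encode built from pixels
    $clean = (string) ob_get_clean();
    // Defence in depth: refuse output that still carries a PHP open tag.
    if (stripos($clean, '<?php') !== false) {
        throw new RuntimeException('PHP open tag present after re-encode');
    }
    return $clean;
}

function store_gif(string $srcPath, string $destDir): string
{
    $clean = reencode_gif($srcPath);
    // Server-chosen name and fixed extension; never reuse the upload's name.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.gif';
    if (file_put_contents($dest, $clean, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $dest;
}

// Constructed sample: a valid 8x8 GIF with an inert marker after the trailer.
$tmp = tempnam(sys_get_temp_dir(), 'gif');
$im = imagecreate(8, 8);
imagecolorallocate($im, 200, 30, 30);
imagegif($im, $tmp);
file_put_contents($tmp, '<?php /* constructed inert marker */ ?>', FILE_APPEND);

$stored = store_gif($tmp, sys_get_temp_dir());
var_dump(strpos(file_get_contents($tmp), '<?php') !== false);    // marker in upload?
var_dump(strpos(file_get_contents($stored), '<?php') !== false); // marker in stored copy?
unlink($tmp); unlink($stored);
```

Because GD decodes only the first frame, animated GIFs are flattened by this approach. Re-encoding narrows what survives but does not prove a file clean, so the storage directory should also be served with script execution disabled.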

  2. #2
    Join Date
    Aug 2008
    Location
    Massachusetts
    Beans
    24
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Do images with embedded shells exist or are they theoretical constructs?

    Blargh. Never mind. The PDF I linked has a link to such an example.

    GG reading comprehension.

  3. #3
    Join Date
    Jan 2008
    Location
    the space between spaces.
    Beans
    1,654

    Re: Do images with embedded shells exist or are they theoretical constructs?

    Hmm... not exactly in all situations, but image-loading programs can be exploited to execute code, i.e. a DOC file can be malformed to exploit code in Word, for example. Of course, such exploits are usually patched immediately. Also, TIFF files are commonly used as exploits on PS3s, and the original installer for jailbreaking an iPhone was just a TIFF image used to exploit Safari.
    "If a cluttered desk signs a cluttered mind, Of what, then, is an empty desk a sign?" -Albert Einstein.
