I found a PHP script in a GIF file

Posted 2020-07-26 07:10

Is it possible for a PHP script to be inside a GIF file? I found one when I opened a .gif file in notepad++.

Tags: php
11 answers
三岁会撩人
#2 · 2020-07-26 07:44

I've seen this done (although usually with the .jpg extension) for serving images from a database...

Assuming you're using Apache, you just have to tell Apache to process that specific file as if it were PHP.

淡お忘
#3 · 2020-07-26 07:47

Finding PHP in a GIF file could indicate someone is trying to attack your server. This is an interesting read about secure file upload and PHP.

爷的心禁止访问
#4 · 2020-07-26 07:48

The file extension doesn't need to be the same as the file contents, so yes it's possible to save a text file or PHP file with the .gif extension. It won't (usually?) show as an image in a browser or other application, and nor is it likely to run as a PHP file on a web server unless the server has specifically been configured this way.

The benefits of doing this aren't clear to me unless it's used as a sneaky way to try and execute PHP code via an image upload form, where the server has been configured to execute .gif files as scripts (i.e. any extension goes).

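Added example (not part of the original thread): a small Python triage check for the situation the answers above describe, flagging files that carry an image extension but whose bytes contain a PHP open tag. The function names and sample bytes are constructed for illustration.

```python
import re

# Leading magic bytes of the image types an upload form typically accepts.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

# PHP open tags: "<?php" (any case) and the short echo tag "<?=".
# A bare "<?" is skipped on purpose: it matches "<?xml"/"<?xpacket" metadata.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)


def image_kind(data: bytes):
    """Return 'gif', 'png' or 'jpeg' from the magic bytes, else None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def php_tag_offsets(data: bytes):
    """Byte offsets of every PHP open tag in the file."""
    return [m.start() for m in PHP_TAG.finditer(data)]


def triage(data: bytes) -> str:
    """Classify the content of a file that carries an image extension."""
    kind, hits = image_kind(data), php_tag_offsets(data)
    if hits and kind:
        return f"suspicious: PHP tag at offset {hits[0]} inside a {kind} image"
    if hits:
        return "suspicious: PHP source with an image extension"
    if kind is None:
        return "mismatch: not an image"
    return "clean"


# Constructed samples (not taken from the page).
GIF_1X1 = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"  # header + screen descriptor + trailer
SAMPLES = {
    "clean.gif": GIF_1X1,
    "appended.gif": GIF_1X1 + b"<?php /* placeholder */ ?>",
    "renamed.gif": b"<?php /* placeholder */ ?>",
    "xmp.gif": GIF_1X1 + b'<?xpacket begin="" ?>',
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {triage(data)}")
```

A hit is a reason to inspect the file, not proof of compromise: the three-byte `<?=` sequence can occur by chance in compressed image data.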
forever°为你锁心
#5 · 2020-07-26 07:49

You could always use mod_rewrite to change the file extension, if that's what you're getting at?

成全新的幸福
#6 · 2020-07-26 07:50

Actually, there are a couple of things that are possible (and commonly used for things like hit counters.)

Consider this:

<img src="myPicture.php" />

myPicture.php might look like this:

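<?php
// Use PHP's GD image libraries.

// Create the image
$my_img = imagecreate( 200, 80 );

// Set image attributes: the first colour allocated on a palette image becomes its background
$background = imagecolorallocate( $my_img, 0, 0, 255 );

// Set the header to indicate we're sending image data, rather than ASCII
header( "Content-Type: image/png" );

// Output the image
imagepng( $my_img );

// Cleanup: drop the reference so the image memory is freed
unset( $my_img );
?>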

So, the output of your PHP script is not ASCII text (or HTML), it is the binary of a .png file. Thus the header() is set to indicate this, and the imagepng() function shown actually outputs the raw PNG image data. (example lifted from here).

Another option, which others have mentioned, involves a "normal" image tag:

<img src="myPicture.png" />

Notice this ends in ".png". In this case, the web server would have to be configured so that it parsed not only .php files as executable PHP code, but also .png files. Your code would look the same, but it would be wrapped in "myPicture.png" rather than ".php".
