Hi, I would like to ask you if you have done this or if you have tried this. What I'm looking for is how to hide JavaScript code in a GIF image, and yes, it's possible. I found this image, which was given to me by a friend, http://www.flickr.com/photos/matteocarli/589108973/ which shows that it's possible, but I don't really have any idea how to work on that thing.
I hope you can share if you know anything about it. Thanks.
It is possible, I agree; however, it is neither practical nor feasible to do that since it uses the end user's browser's weak security. It can easily be used to launch cross-site scripting attacks, and the methods used are heavily associated with hacking or exploiting attempts. I would not recommend you do this.
Could you show us a live example? Wouldn't the server have to run gif-files as php-files? Since it uses php to embed the javascript into the gif?
| cavey wrote: |
| Could you show us a live example? Wouldn't the server have to run gif-files as php-files? Since it uses php to embed the javascript into the gif? |
It is a PHP vulnerability in the case of the server side. The way it works is, either you embed code in a GIF and then serve the file as .php. The other way is where a server allows you to upload files, i.e. PHP files, image files etc. So you create a GIF file with embedded code in it and upload it to the server, then that page gets served. However, it is a very obvious security breach to serve .php files without checking the code, but I have seen it being done.
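An upload check for the server-side case described in the reply above, added here as an example and not part of the original thread. The function name `inspect_upload`, the extension lists and the marker list are assumptions chosen for illustration, and the sample bytes are constructed.

```python
import os

# Extensions the upload endpoint accepts, with the magic bytes each must start with.
ALLOWED = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# Extensions a web server may hand to an interpreter (assumed list, adjust per server).
EXECUTABLE = (".php", ".phtml", ".phar")
# Byte sequences that have no business inside an image file (assumed list).
MARKERS = (b"<?php", b"<?=", b"<script")


def inspect_upload(filename, data):
    """Return a list of reasons to reject the upload; an empty list means accept."""
    findings = []
    name = os.path.basename(filename).lower()
    ext = os.path.splitext(name)[1]
    # Catches both "x.php" and double extensions such as "x.php.gif".
    if any(part in name for part in EXECUTABLE):
        findings.append("executable extension in name")
    if ext not in ALLOWED:
        findings.append("extension not allowed")
    elif not data.startswith(ALLOWED[ext]):
        findings.append("magic bytes do not match extension")
    lowered = data.lower()  # markers are matched case-insensitively
    for marker in MARKERS:
        if marker in lowered:
            findings.append("embedded code marker: " + marker.decode())
    return findings


# Constructed 1x1 GIF, and a constructed copy carrying a marker in a comment block.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")
_comment = b"<?php /* constructed marker */ ?>"
TAINTED_GIF = CLEAN_GIF[:-1] + b"\x21\xfe" + bytes([len(_comment)]) + _comment + b"\x00\x3b"

if __name__ == "__main__":
    for fname, blob in [("cat.gif", CLEAN_GIF), ("cat.gif", TAINTED_GIF),
                        ("cat.php.gif", CLEAN_GIF), ("cat.gif", b"<script>1</script>")]:
        print(fname, inspect_upload(fname, blob) or "accepted")
```

Marker scanning is a heuristic; the control that removes the problem is making sure the upload directory is never passed to the PHP interpreter, whatever the file contains.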
Hi, just a follow-up for this thread: I'm trying to hide JavaScript code within the image file, but it will still execute the script... Is there any other way to do it? If it's quite confidential, please PM me an example. Thanks.
Open Notepad, insert the script and save it as sumthing.jpg
Bind it with an image. It will work!
I've never heard of this happening. I don't think this is possible unless someone can link to a live example.
I can't exactly understand what the topic means. You mean inserting JS code into a GIF image and the script will still work fine? I don't believe it is possible, at least for now.