Last Updated on Tuesday, 16 July 2013 14:12
Written by Rob Turner
A few days ago, Peter Gramantik from Sucuri's research team found a very interesting backdoor on a compromised site. This backdoor didn’t rely on the normal patterns to hide its content (like base64/gzip encoding), but stored its data in the EXIF headers of a JPEG image. It also used the exif_read_data and preg_replace PHP functions to read the headers and execute itself.
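One way to check uploaded or on-disk images for this kind of hidden content is to walk the JPEG header segments and look for PHP code idioms inside the EXIF block. The scanner below is an added example, not code from the original post; the signature list, the function names and the sample images are assumptions constructed for illustration.

```python
import re
import struct

# Heuristic signatures (an assumed starter list): PHP execution idioms that do
# not belong in camera metadata, plus a NUL-terminated regex string carrying
# the "e" modifier, which makes preg_replace evaluate its replacement as code.
SUSPICIOUS = re.compile(
    rb"eval\s*\(|assert\s*\(|base64_decode|gzinflate|<\?php"
    rb"|\$_(?:POST|GET|REQUEST|COOKIE)|/[^/\x00]{1,40}/[a-z]*e[a-z]*\x00",
    re.IGNORECASE,
)

def exif_segments(data: bytes):
    """Yield the body of every APP1/Exif segment found in a JPEG byte string."""
    if data[:2] != b"\xff\xd8":            # no SOI marker: not a JPEG
        return
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:              # lost marker sync: stop, do not guess
            return
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
            continue
        if marker in (0xD9, 0xDA):         # EOI or start of scan: headers end
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                     # malformed length field
            return
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            yield body[6:]
        pos += 2 + length

def scan_jpeg(data: bytes):
    """Return a sorted list of suspicious strings seen in the EXIF metadata."""
    hits = set()
    for body in exif_segments(data):
        for m in SUSPICIOUS.finditer(body):
            hits.add(m.group(0).rstrip(b"\x00").decode("latin-1").lower())
    return sorted(hits)

def make_jpeg(exif_body: bytes) -> bytes:
    """Wrap an EXIF body in a minimal JPEG shell (constructed test data only)."""
    seg = b"Exif\x00\x00" + exif_body
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(seg) + 2) + seg + b"\xff\xd9"

TIFF_HDR = b"II*\x00\x08\x00\x00\x00"      # little-endian TIFF header
CLEAN = make_jpeg(TIFF_HDR + b"Canon\x00EOS 5D\x00")
TAINTED = make_jpeg(TIFF_HDR + b"/.*/e\x00eval(CONSTRUCTED_PLACEHOLDER);\x00")

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("tainted", TAINTED)):
        print(name, scan_jpeg(img))
```

Because it scans the raw segment bytes instead of decoding individual tags, the check fires no matter which EXIF field the strings were placed in.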