Question

I was looking at a possibly fraudulent eBay auction. However, I am confused by an image within it, since it does not appear to be an image.

youneedtobuy.intothis.org/win.php

The complete HTML content of the url above is:

<body>
<img src="http://youneedtobuy.intothis.org/win.php" >
</body>


Here is a screen copy of the image, with the email address blurred out by me. There is no JS scripting, no CSS to speak of, just one line of code.

So, essentially the scammer can insert an 'image' into their eBay ad, and that image won't be scanned by normal tools.

How is this image created? And how could the friendly folks at ebay include a scanner in their system that has the ability to "see" this image (and preclude the scam from re-occurring?)


Solution

The image is likely created using PHP's file_get_contents() function. For example, the following PHP script will display the contents of myimage.jpg to the browser, but the file could be called show-image.php:

<?php
// Tell the browser the response body is a JPEG, regardless of the .php URL.
header("Content-Type: image/jpeg");
// Advertise the exact byte length of the image that follows.
header("Content-Length: ".(string)(filesize('myimage.jpg')));

// Read the raw bytes of the image file and write them as the response body.
echo file_get_contents('myimage.jpg');
?>

As you can see, this is achieved by telling PHP to serve up the image/jpeg MIME type.

OTHER TIPS

Any image can be returned by a script instead of a real file.

An alternative answer shows methods of doing this, but by using a script one can serve different images to different users, log IP addresses and other information, thus tracking viewers, etc.

It is also a common technique used to return thumbnail or summary images. e.g. using PHP and ImageMagick to generate an image of the first page of a PDF file.

Incidentally, the image will be scanned by normal tools - they simply look for the image tags, not what extension the file has. What you are really saying is that the text contained within the image won't be processed or analysed, and the image does invite you to directly connect to someone, which is against eBay's terms and conditions.
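The two answers above make the same defensive point from different angles: a scanner must identify images by what the URL returns, not by the URL's extension, and an image served from a script URL (such as the win.php address in the question) deserves extra content review. The following is an added example, not code from either answer or from eBay: it extracts img src URLs from listing HTML, checks the fetched bytes against well-known magic-byte signatures, and flags sources served by a script extension for follow-up (for example OCR of the image text, which is out of scope here). The listing HTML, the fetch function and the response bytes are all constructed inline so the example runs offline; the function names are my own.

```python
import re
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

# Leading bytes ("magic numbers") of common raster formats. A response that
# starts with one of these is an image no matter what the URL path looks like.
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp"}
# Extensions that indicate the bytes are produced by server-side code rather
# than read from a static file (the pattern the answers describe).
SCRIPT_EXTENSIONS = {".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl", ".py"}

# Minimal <img src=...> extractor; tolerates missing quotes and extra attributes.
IMG_SRC_RE = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)


def extract_img_sources(html: str) -> List[str]:
    """Return every img src value found in the listing HTML, in document order."""
    return IMG_SRC_RE.findall(html)


def sniff_image_type(body: bytes) -> Optional[str]:
    """Identify an image by its leading bytes; None if no known signature matches."""
    for signature, mime in IMAGE_SIGNATURES.items():
        if body.startswith(signature):
            return mime
    return None


def classify_img_source(url: str) -> Dict[str, object]:
    """Describe a src URL: host, path extension, and whether a script serves it."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    path = parsed.path.lower()
    last_segment = path.rsplit("/", 1)[-1]
    ext = path[path.rfind("."):] if "." in last_segment else ""
    script_served = ext in SCRIPT_EXTENSIONS
    return {
        "url": url,
        "host": parsed.hostname,
        "extension": ext,
        "script_served": script_served,
        # Anything not plainly a static image file gets routed to content review.
        "needs_content_review": script_served or ext not in IMAGE_EXTENSIONS,
    }


def review_listing(html: str, fetch: Callable[[str], bytes]) -> List[Dict[str, object]]:
    """Combine URL classification with content sniffing for every image in a listing."""
    findings = []
    for src in extract_img_sources(html):
        info = classify_img_source(src)
        body = fetch(src)
        info["sniffed_type"] = sniff_image_type(body)
        info["is_image"] = info["sniffed_type"] is not None
        findings.append(info)
    return findings


# Constructed sample listing: the script-served image from the question plus an
# ordinary static PNG for contrast.
SAMPLE_HTML = (
    "<body>\n"
    '<img src="http://youneedtobuy.intothis.org/win.php" >\n'
    '<img src="http://example.com/photos/item.png">\n'
    "</body>"
)

# Constructed response bodies standing in for a real HTTP fetch: a JFIF header
# for the .php URL (what a script like the one above would emit) and a PNG header.
CONSTRUCTED_RESPONSES = {
    "http://youneedtobuy.intothis.org/win.php": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 16,
    "http://example.com/photos/item.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}


def constructed_fetch(url: str) -> bytes:
    """Offline stand-in for an HTTP GET; returns the constructed body or nothing."""
    return CONSTRUCTED_RESPONSES.get(url, b"")


if __name__ == "__main__":
    for finding in review_listing(SAMPLE_HTML, constructed_fetch):
        print(finding)
```

In a real scanner the fetch step would be a bounded HTTP request (timeout, size cap, no redirects to internal hosts), and the `needs_content_review` flag would feed the OCR or moderation queue that actually reads the text in the image. The point the example makes is that both checks are cheap: the win.php URL is recognised as a JPEG from its first three bytes, and the script extension alone is enough to single it out for a closer look.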

Licensed under: CC-BY-SA with attribution