LFI using php injected JPG


Can someone please explain to me what this guy (Codebreak) is doing?

Seriously, I don't get it, it looks insane. Now this might be unrelated, but I was reading through a forum the other day and they were talking about getting "r00t" (which I understand) and PHP shells (like c99..). What are they on about? Someone please put me out of my misery.. :D

Thanks in advance for any explanation you can give me.

-tele'-

What you never heard about this

This is a lame technique used by most script kiddie defacers. The main idea here is to exploit a website vulnerable to PHP include. The target servers are those that allow people to upload their avatar. The attack is self-explanatory. Write malicious code into avatar.jpg, inject it and include link page to this .jpg. The server will then execute the command hidden within the .jpg.

Many many servers are defaced using this technique.

I've seen many automated Brazilian tools that scan in Google for vulnerable targets and then help you out to deface their page with a specific message.

But this is only the script kiddies' way of life, and not related to what the real philosophy of "hacking" is.

Personally, I don't like the videos that disclose these techniques.
For example, most script kiddies cannot use Metasploit 3.0 because it is hard for them to understand the essence of this software and how it really works. And since (I hope hdmoore will stop supporting the web console interface) it is not a push-button tool, they are miles from tuning it and exploiting it. Now, I've seen that someone has posted many videos about automating Metasploit (using autopwn) against Windows TCP 445. You can imagine then that kiddies will just mimic this and flood servers with lame attacks !!!

It's a mod_php

It's a mod_php misconfiguration where all files are treated as PHP scripts and parsed for PHP code.
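
A defender-side check for the technique discussed in this thread, added here as an example and not code from any poster: it scans an uploaded JPEG for PHP open tags and reports which part of the file each one sits in. The function names and sample bytes are constructed for illustration, and the parser assumes a baseline JPEG layout.

```python
import re
import struct

# Open tags that start PHP execution. A bare "<?" is left out because it
# appears by chance in compressed image data.
PHP_OPEN = re.compile(rb"<\?php|<\?=", re.IGNORECASE)
NAMES = {0xE0: "APP0", 0xE1: "APP1/EXIF", 0xFE: "COM"}

def jpeg_regions(data):
    """Split a JPEG into (name, start, end): header segments, scan data, and
    any bytes after the End Of Image marker. Baseline layout assumed."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG: missing SOI marker")
    regions, pos = [], 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if marker == 0xDA:  # start of scan: image data runs to EOI
            eoi = data.find(b"\xff\xd9", end)
            eoi = len(data) if eoi < 0 else eoi + 2
            regions.append(("scan data", pos, eoi))
            if eoi < len(data):
                regions.append(("trailing data", eoi, len(data)))
            return regions
        regions.append((NAMES.get(marker, "segment 0x%02X" % marker), pos, end))
        pos = end
    return regions

def find_php(data):
    """Return [(offset, region)] for each PHP open tag found in the upload."""
    regions = jpeg_regions(data)
    hits = []
    for m in PHP_OPEN.finditer(data):
        name = next((n for n, s, e in regions if s <= m.start() < e), "unparsed")
        hits.append((m.start(), name))
    return hits

def segment(marker, payload):
    """Build one JPEG segment (used only for the constructed samples below)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: structurally valid for this parser, not real images.
BODY = segment(0xDA, b"\x00" * 6) + b"\x12\x34\x56" + b"\xff\xd9"
CLEAN = b"\xff\xd8" + segment(0xE0, b"JFIF\x00" + b"\x00" * 9) + BODY
TAGGED = b"\xff\xd8" + segment(0xFE, b"<?php /* constructed marker */ ?>") + BODY
APPENDED = CLEAN + b"<?= 1 ?>"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tagged", TAGGED), ("appended", APPENDED)):
        print(label, find_php(sample))
```

A hit is a reason to reject or re-encode the upload; the scan does not replace fixing the include so it cannot reach uploaded files, or configuring the server so that only .php files are parsed as PHP.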

Well thanks for the

Well, thanks for the responses. It seems like a very simple attack - and I thought I was missing something :p As for autopwn attacks (and those of a similar concept), it's very sad to see. There is nothing worse than seeing someone who doesn't know what they're doing able to pull off such a devastating and pointless attack.

Exploit Code

I came across similar exploit code via googling

* inurl:"R57.php"
* Basic Realm r57shell
