You can not
embed a script in an image! An image is just that: An image. It can't contain anything else.
admin rights ... upload a shell ... all the site will go down .. and even the hosting company server that hosts the site ...
thats if the hacker was a samrt one and wannet to do that
Sounds like a script kiddie to me