dlegs/php-jpeg-injector: Injects php payloads into jpeg images
2020-03-30 20:48:09 Author: github.com(查看原文) 阅读量:786 收藏

Injects php payloads into jpeg images. Related to this post.

You have a web application that runs a jpeg image through PHP's GD graphics library.

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image.

python gd-jpeg.py [JPEG] [PAYLOAD] [OUTPUT]

e.g. python gd-jpeg.py cat.jpeg <?php system($_GET["cmd"]);?> infected_cat.jpeg

PHP code is injected in the null/garbage (brown) space after the scan header:

header

The new infected jpeg is run through PHP's gd-library. PHP interprets the payload injected in the jpeg and executes it.


文章来源: https://github.com/dlegs/php-jpeg-injector
如有侵权请联系:admin#unsafe.sh