dlegs/php-jpeg-injector dlegs/php-jpeg-injector

  • Stars
    star
    454
  • Rank 95,742 (Top 2 %)
  • Language
    Python
  • Created about 7 years ago
  • Updated almost 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
dlegs/php-jpeg-injector
github

dlegs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Injects php payloads into jpeg images

php-jpeg-injector

Injects php payloads into jpeg images. Related to this post.

Use Case

You have a web application that runs a jpeg image through PHP's GD graphics library.

Description

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpeg is uncompressed!

Usage

python3 gd-jpeg.py [JPEG] [PAYLOAD] [OUTPUT_JPEG]

e.g. python3 gd-jpeg.py cat.jpeg '<?php system($_GET["cmd"]);?>' infected_cat.jpeg

How it works

PHP code is injected in the null/garbage (brown) space after the scan header:

header

The new infected jpeg is run through PHP's gd-library. PHP interprets the payload injected in the jpeg and executes it.

More Repositories

1

Optimal-Piano-Fingering-Algorithm

C Program that takes a song as input and uses dynamic programming to produce the optimal finger placement for each note.
C
5
star
2

frida-scripts

Collection of frida scripts for iOS application exploitation
JavaScript
1
star
3

bounty-hunter

E2E Bug Bounty Platform
Go
1
star
4

Log-Structured-File-System-Sim

Simulates linux based Log Structured File System. Users can add files to system and perform operations on them.
C
1
star