Skip to content

dlegs/php-jpeg-injector

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
README.md
Update README.md
November 27, 2020 20:20
gd-jpeg.py
Update gd-jpeg.py
November 27, 2020 20:19
php-jpeg-injector Use Case Description Usage How it works

README.md

php-jpeg-injector

Injects php payloads into jpeg images. Related to this post.

Use Case

You have a web application that runs a jpeg image through PHP's GD graphics library.

Description

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpeg is uncompressed!

Usage

python3 gd-jpeg.py [JPEG] [PAYLOAD] [OUTPUT_JPEG]

e.g. python3 gd-jpeg.py cat.jpeg '<?php system($_GET["cmd"]);?>' infected_cat.jpeg

How it works

PHP code is injected in the null/garbage (brown) space after the scan header:

header

The new infected jpeg is run through PHP's gd-library. PHP interprets the payload injected in the jpeg and executes it.

About

Injects php payloads into jpeg images

Resources

Readme
Activity

Stars

441 stars

Watchers

22 watching

Forks

153 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages