Skip to content
Injects php payloads into jpeg images
Python
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
gd-jpeg.py Add files via upload Aug 29, 2017

README.md

php-jpeg-injector

Injects php payloads into jpeg images. Related to this post.

Use Case

You have a web application that runs a jpeg image through PHP's GD graphics library.

Description

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image.

Usage

python gd-jpeg.py [JPEG] [PAYLOAD] [OUTPUT]

e.g. python gd-jpeg.py cat.jpeg <?php system($_GET["cmd"]);?> infected_cat.jpeg

How it works

PHP code is injected in the null/garbage (brown) space after the scan header:

header

The new infected jpeg is run through PHP's gd-library. PHP interprets the payload injected in the jpeg and executes it.

You can’t perform that action at this time.