Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 

readme.md

Exploiting Python PIL Module Command Execution Vulnerability

攻击由 PIL 开发的 Python 应用, 并达到远程命令执行的效果。这个项目用来放paper和实验所用到的源码和Dockerfile。

Paper : https://xianzhi.aliyun.com/forum/topic/44

Vulhub: https://github.com/vulhub/vulhub/tree/master/python/PIL-CVE-2017-8291

Install

git clone https://github.com/neargle/PIL-RCE-By-GhostButt.git && cd PIL-RCE-By-GhostButt
docker-compose build
docker-compose up -d

View http://localhost:8000/, upload poc.png.

More info : paper.md

About

Exploiting Python PIL Module Command Execution Vulnerability

Resources

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.