Exploiting Python PIL Module Command Execution Vulnerability
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
1.png
2.png
Dockerfile
Exploiting-Python-PIL-Module-Command-Execution-Vulnerability.md
docker-compose.yml
ghostscript-9.21-linux-x86_64.tgz
poc.png
readme.md
readme.md.2

readme.md

Exploiting Python PIL Module Command Execution Vulnerability

攻击由 PIL 开发的 Python 应用, 并达到远程命令执行的效果。这个项目用来放paper和实验所用到的源码和Dockerfile。

Paper : https://xianzhi.aliyun.com/forum/topic/44

Vulhub: https://github.com/vulhub/vulhub/tree/master/python/PIL-CVE-2017-8291

Install

git clone https://github.com/neargle/PIL-RCE-By-GhostButt.git && cd PIL-RCE-By-GhostButt
docker-compose build
docker-compose up -d

View http://localhost:8000/, upload poc.png.

More info : paper.md