Php-Jpeg-Injector - Injects Php Payloads Into Jpeg Images

Injects php payloads into jpeg images. Related to this post.

Use Case

You have a web application that runs a jpeg image through PHP’s GD graphics library.

Description

This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpeg is uncompressed!

Usage

python3 gd-jpeg.py [JPEG] [PAYLOAD] [OUTPUT_JPEG]

e.g. python3 gd-jpeg.py cat.jpeg '<?php system($_GET["cmd"]);?>' infected_cat.jpeg

How it works

PHP code is injected in the null/garbage (brown) space after the scan header:

The new infected jpeg is run through PHP’s gd-library. PHP interprets the payload injected in the jpeg and executes it.

Download Php-Jpeg-Injector

Hacker Gadgets

Php-Jpeg-Injector – Injects Php Payloads Into Jpeg Images

Leave a Reply Cancel reply

Apk.Sh – Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK

Decider – A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

ThunderCloud – Cloud Exploit Framework

Waf-Bypass – Check Your WAF Before An Attacker Does

Product categories