dlegs / php-jpeg-injector Goto Github PK
View Code? Open in Web Editor NEWInjects php payloads into jpeg images
Injects php payloads into jpeg images
Hello again,
I think I spotted a mistake, line 28 of gd-jpeg.py.
str.find returns -1 if no match is found, and -1 evaluates to True.
So whether or not the magic number is found,
In case the magic number is not here, the code will be injected in position 9 = len(magic) - 1
if loc:
print("Found magic number.")
return loc
Hi bro !
I used your script today in order to inject Html or php code into .jpg but i got this error below when I ran it
[ ] Searching for magic number...
[-] Magic number not found. Exiting.
Can you tell me more please, I true I'm trying to inject malicious code in image for take a access to my whatsapp (app)
like in this post : https://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
merci
Hey there, thanks a lot for this snippet!
It got me kickstarted with steganography while I thought it was out of reach :)
I had a few issues running it though, here's one about type mismatching:
Traceback (most recent call last):
File "gd-jpeg.py", line 53, in <module>
main()
File "gd-jpeg.py", line 18, in main
inject_payload(jpeg, loc, payload, output)
File "gd-jpeg.py", line 37, in inject_payload
bin_payload = bin(int(binascii.hexlify(payload),16))
TypeError: a bytes-like object is required, not 'str'
doesn't open the cmd in w10, python 3.11
https://github.com/Himel-Sarkar/issuissues-/blob/main/php2jpg_issues.PNG?raw=true
==================================== issue ============================
C:\Users\Himel\AppData\Local\Temp\a\php2jpg>dir/b
2.jpeg
cat.jpg
gd-jpeg.py
php-jpeg-injector-master.zip
C:\Users\Himel\AppData\Local\Temp\a\php2jpg>py gd-jpeg.py cat.jpeg '<?php system($_GET["cmd"]);?>' infected_cat.jpeg
The filename, directory name, or volume label syntax is incorrect.
C:\Users\Himel\AppData\Local\Temp\a\php2jpg>python3 gd-jpeg.py cat.jpeg '<?php system($_GET["cmd"]);?>' infected_cat.jpeg
The filename, directory name, or volume label syntax is incorrect.
As i read the PoC of fakhrizulkifli i noticed your script isn't inserting the payload where it should be inserting which is "The place to be put PHP backdoor is right after the Scan Header (00 0C 03 01 00 02 11 03 11 00 3F 00)" according to fakhrizulkifli.
it instead inserts the payload to 3c 3f on my case
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.