Open sighook opened 1 year ago
Since we already have IDAT chunk injection that survives the various post-filtering techniques like PHP-GD compression, PHP-GD resizing, and ImageMagick resizing (unlike PLTE & tEXt), this is not a hot issue. But, nice to have more options.
https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html Credits to Quentin Roland.
Description:
Since we already have IDAT chunk injection that survives the various post-filtering techniques like PHP-GD compression, PHP-GD resizing, and ImageMagick resizing (unlike PLTE & tEXt), this is not a hot issue. But, nice to have more options.
Reference:
https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html Credits to Quentin Roland.