Possible with different file sizes? #2
Comments
|
Did you find a solution for this problem?! |
. |
|
Let me take a peek at this. This tool could use a little review anyway. |
|
yes thank you |
|
Looked a bit at this today - I was able to generate payloads up to 63x63 but it's pretty iffy. I suspect at larger pixel sizes there are more PNG filters that can apply - and potentially more than 1. Unfortunately generating larger images at this time is not going to be a simple task. see: http://www.libpng.org/pub/png/spec/1.2/PNG-Filters.html idontplaywith darts was able to coerce most encoders to always use the filter of our choice (this is the bypass_filters() passes in the code - improved upon by others in this repo). But once you get to larger images I think various encoders will start to do their own optimizations and potentially pass the image through other filters. (there are 5 in total). Support for this is non-trivial. |
Hey, I have found a vector vulnerable to this bug but requires specific sizes (ie 1000x1000, or 100x100). Did you have in mind to add this as a feature?
The text was updated successfully, but these errors were encountered: