PNG-IDAT-Payload-Generator

Possible with different file sizes?

Open ldionmarcil opened this issue 8 years ago • 5 comments

Hey, I have found a vector vulnerable to this bug, but it requires specific sizes (i.e. 1000x1000, or 100x100). Did you have in mind to add this as a feature?

ldionmarcil avatar Jan 18 '17 07:01 ldionmarcil

Did you find a solution for this problem?!

Nader-abdi avatar Jan 08 '23 17:01 Nader-abdi

Hey, I have found a vector vulnerable to this bug, but it requires specific sizes (i.e. 1000x1000, or 100x100). Did you have in mind to add this as a feature?

.

Nader-abdi avatar Jan 08 '23 17:01 Nader-abdi

Let me take a peek at this. This tool could use a little review anyway.

huntergregal avatar Jan 27 '23 16:01 huntergregal

Yes, thank you.

Nader-abdi avatar Jan 27 '23 18:01 Nader-abdi

Looked a bit at this today - I was able to generate payloads up to 63x63 but it's pretty iffy.

I suspect at larger pixel sizes there are more PNG filters that can apply - and potentially more than 1. Unfortunately generating larger images at this time is not going to be a simple task.

see: http://www.libpng.org/pub/png/spec/1.2/PNG-Filters.html

idontplaywith darts was able to coerce most encoders to always use the filter of our choice (this is the bypass_filters() passes in the code - improved upon by others in this repo).

But once you get to larger images I think various encoders will start to do their own optimizations and potentially pass the image through other filters (there are 5 in total). Support for this is non-trivial.

huntergregal avatar Jan 28 '23 02:01 huntergregal
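The filter behaviour discussed in the last comment can be observed directly. This is an added example, not code from this repository. In a non-interlaced PNG every scanline in the decompressed IDAT stream starts with one filter-type byte (0 to 4), so an image an encoder has re-written can be inspected to see which filters it actually chose per row. The function names and the constructed `SAMPLE` image are assumptions made for illustration.

```python
import struct, zlib
from collections import Counter

FILTER_NAMES = {0: "None", 1: "Sub", 2: "Up", 3: "Average", 4: "Paeth"}
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel, by PNG colour type

def chunks(png):
    """Yield (type, data) for each chunk, verifying signature and CRC."""
    if png[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos = 8
    while pos < len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, data
        pos += 12 + length

def scanline_filters(png):
    """Return the filter-type byte that starts each scanline (non-interlaced only)."""
    ihdr, idat = None, b""
    for ctype, data in chunks(png):
        if ctype == b"IHDR":
            ihdr = struct.unpack(">IIBBBBB", data)
        elif ctype == b"IDAT":
            idat += data  # all IDAT chunks together form one zlib stream
    width, height, depth, colour, _, _, interlace = ihdr
    if interlace:
        raise ValueError("Adam7 interlaced images are not handled here")
    stride = 1 + (width * CHANNELS[colour] * depth + 7) // 8
    raw = zlib.decompress(idat)
    if len(raw) != stride * height:
        raise ValueError("IDAT size does not match IHDR dimensions")
    return [raw[y * stride] for y in range(height)]

def make_png(width, rows):
    """Constructed sample: 8-bit RGB PNG built from (filter_byte, row_bytes) pairs."""
    def chunk(t, d):
        return struct.pack(">I", len(d)) + t + d + struct.pack(">I", zlib.crc32(t + d))
    ihdr = struct.pack(">IIBBBBB", width, len(rows), 8, 2, 0, 0, 0)
    raw = b"".join(bytes([f]) + px for f, px in rows)
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))

# Constructed 2x4 image whose rows use filters None, Sub, Sub, Paeth.
SAMPLE = make_png(2, [(0, bytes(6)), (1, bytes(6)), (1, bytes(6)), (4, bytes(6))])

def filter_histogram(png):
    return Counter(FILTER_NAMES.get(f, "invalid") for f in scanline_filters(png))
```

Running `filter_histogram` on the same image before and after it passes through a resize or re-encode step shows whether that encoder kept a single filter or mixed several across rows.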