
Shell in the Ghost: Ghostscript CVE-2023-28879 writeup

Status
Not open for further replies.

GameWork73


Introduction

A few months ago, during a web application audit, we noticed that the application was using the Python Image Library (PIL) to perform resizing on the uploaded images. With a bit of curiosity we went to read the code and stumbled on the src/PIL/EpsImagePlugin.py file, which is in fact a wrapper around the Ghostscript binary that is used to handle the Encapsulated PostScript file format.

The Ghostscript binary is called from Python, which means that if we managed to find a vulnerability in Ghostscript, we could have access to the web server. As I was soon to realize, the Ghostscript binary is also used in other places, which means that finding a vulnerability was pretty interesting from an attacker's point of view.
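On the defensive side of the setup described above, an upload handler can refuse EPS content before any imaging library gets to hand it to Ghostscript. The sketch below is an added example, not code from the original post or from PIL; the function names, the allowlist and the sample uploads are assumptions made for illustration.

```python
import os

# Leading bytes of the formats this hypothetical upload endpoint cares about.
# EPS files start with "%!PS" or with the DOS EPS binary header C5 D0 D3 C6.
SIGNATURES = (
    ("PNG", b"\x89PNG\r\n\x1a\n"),
    ("JPEG", b"\xff\xd8\xff"),
    ("GIF", b"GIF87a"),
    ("GIF", b"GIF89a"),
    ("EPS", b"%!PS"),
    ("EPS", b"\xc5\xd0\xd3\xc6"),
)
ALLOWED = frozenset({"PNG", "JPEG", "GIF"})  # assumption: site policy
EXTENSIONS = {".png": "PNG", ".jpg": "JPEG", ".jpeg": "JPEG", ".gif": "GIF"}


def sniff_format(data: bytes):
    """Identify the format from file content, never from the file name."""
    head = data[:16]
    for name, magic in SIGNATURES:
        if head.startswith(magic):
            return name
    return None


def check_upload(filename: str, data: bytes):
    """Return (accepted, detail) for one uploaded file."""
    fmt = sniff_format(data)
    if fmt is None:
        return False, "unrecognised content"
    if fmt not in ALLOWED:
        return False, f"{fmt} content is not allowed"
    ext = os.path.splitext(filename)[1].lower()
    if EXTENSIONS.get(ext) != fmt:
        return False, "extension does not match content"
    return True, fmt


if __name__ == "__main__":
    # Constructed sample uploads: (file name, first bytes of the body).
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("avatar.png", b"%!PS-Adobe-3.0 EPSF-3.0\n"),  # EPS behind a .png name
        ("logo.eps", b"\xc5\xd0\xd3\xc6" + b"\x00" * 12),
        ("banner.jpg", b"GIF89a" + b"\x00" * 10),
    ]
    for name, body in samples:
        print(name, check_upload(name, body))
```

The check keys on content because a file's name or declared type says nothing about which decoder an image library will pick for it. Pillow's `Image.open()` also accepts a `formats` argument that limits which decoders are tried, which complements a gate like this one.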
