GameWork73 Posted April 12, 2023 Share Posted April 12, 2023 This is the hidden content, please Sign In or Sign Up Introduction A few months ago, during a web application audit we noticed that the application was using the Python Image Library (PIL) to perform resizing on the uploaded images. With a bit of curiosity we went to read the code and stumbled on the src/PIL/EpsImagePulgin.py file, which is in fact a wrapper around the Ghostscript binary that is used to handle the Encapsulated PostScript file format. The Ghostscript binary is called from Python, which means that if we managed to find a vulnerability in Ghostscript, we could have access to the web server. As I was soon to realize, the Ghostscript binary is also used in other places, which means that finding a vulnerability was pretty interesting from an attacker point of view. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts