Difference between revisions of "Beyond Printers"
From Hacking Printers
(Created page with "First: "Tiger Test" If the website allows image uploads, try renaming tiger.eps to tiger.jpg and upload it (works if ImageMagick's "convert" is used in the background and the...") |
|||
| Line 4: | Line 4: | ||
If the website allows PDF uploafs, try renaming tiger.eps to tiger.pdf and upload it (works if Ghostscript is used in the background and the web application does not check the file header, %PDF- is okay!) | If the website allows PDF uploafs, try renaming tiger.eps to tiger.pdf and upload it (works if Ghostscript is used in the background and the web application does not check the file header, %PDF- is okay!) | ||
| + | |||
| + | |||
| + | == Web Applications == | ||
| + | |||
| + | -> just use cheat sheet | ||
| + | |||
| + | == Print Servers == | ||
| + | |||
| + | -> just use cheat sheet | ||
| + | |||
| + | == Desktop Applications == | ||
| + | |||
| + | -> harder because of backchannel; thunderbird-convert? | ||
| + | Hard to get a backchannel if no CVE | ||
Revision as of 11:13, 2 January 2017
First: "Tiger Test"
If the website allows image uploads, try renaming tiger.eps to tiger.jpg and upload it (works if ImageMagick's "convert" is used in the background and the web application does not check the file header, see ImageTragick)
If the website allows PDF uploafs, try renaming tiger.eps to tiger.pdf and upload it (works if Ghostscript is used in the background and the web application does not check the file header, %PDF- is okay!)
Web Applications
-> just use cheat sheet
Print Servers
-> just use cheat sheet
Desktop Applications
-> harder because of backchannel; thunderbird-convert? Hard to get a backchannel if no CVE
