Intro

PIL.ImageMath.eval() evaluates an expression in the given environment. For example:

a * 2

This can easily lead to RCE if the target uses PIL.ImageMath.eval in Pillow before 9.0.0.

PoC

Instead of using ImageMath.eval() for math operations, we can insert exec() like this:

from PIL import ImageMath
ImageMath.eval("exec(exit())")

It will execute whatever is inside right away.
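
On the defensive side, an application that must accept expression strings can check them against an allowlist before they ever reach ImageMath.eval, in addition to running a Pillow release outside the affected range. The following is an added example, not code from this repository; the names is_safe_expression and ALLOWED_FUNCS and the choice of permitted functions are assumptions made for illustration.

```python
import ast

# Assumption: the function names this application chooses to permit.
ALLOWED_FUNCS = {"abs", "min", "max", "float", "int"}
# Structural nodes that plain arithmetic and comparisons are built from.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Compare,
    ast.operator, ast.unaryop, ast.cmpop, ast.Load,
)


def is_safe_expression(expr, operands, max_len=200):
    """Return True only if expr is arithmetic over the named operands."""
    if len(expr) > max_len:
        return False
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError):
        return False
    call_targets = set()  # ids of Name nodes used as an allowlisted callee
    # ast.walk is breadth-first, so a Call is seen before its func Name.
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            func = node.func
            if not (isinstance(func, ast.Name) and func.id in ALLOWED_FUNCS):
                return False  # exec(...), obj.method(...), (lambda: 0)()
            call_targets.add(id(func))
        elif isinstance(node, ast.Name):
            if id(node) not in call_targets and node.id not in operands:
                return False  # unknown variable or a bare builtin reference
        elif isinstance(node, ast.Constant):
            if type(node.value) not in (int, float):
                return False  # no strings, bytes, None or booleans
        elif not isinstance(node, ALLOWED_NODES):
            return False  # Attribute, Subscript, Lambda, keyword, Starred...
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the page's two expressions plus variants.
    for sample in ["a * 2", "exec(exit())", "a.__class__", "min(a, b) + 1"]:
        print(f"{sample!r}: {is_safe_expression(sample, {'a', 'b'})}")
```

The check only parses the string and never evaluates it, so a rejected expression has no chance to run.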

Support

If you would like to support me with a donation, I recommend you give it to someone who really needs it, please. If you do so, then consider that I earned your support.
