dEEpEst Posted May 29, 2016

A vulnerability was found in ImageMagick where insufficient filtering for filenames passed to a delegate's command allows remote code execution during the conversion of several file formats.

Background Information

ImageMagick allows the processing of files with external libraries. This feature is called "delegate". It is implemented as a system() call with a command string ('command') from the config file delegates.xml with actual values for different parameters (input/output/filename, etc.). Because the %M parameter is insufficiently filtered, it is possible to inject shell commands.

One of the default delegate commands uses the following to handle HTTPS requests: "wget" -q -O "%o" "https:%M" where %M is the actual link from the input. If wget or curl are installed, it is possible to pass the value "https://example.com" |ls "-la" and unexpectedly execute 'ls -la'.
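Added example, not part of the original post and not ImageMagick's code: it expands the delegate template quoted above by plain substitution, reports which characters a POSIX shell would still interpret in the result, and shows a hardened form that builds an argument list instead. The function names and the `SAFE_LINK` allow-list are assumptions made for illustration; nothing is executed.

```python
import re

# Delegate command quoted in the post: %o = output file, %M = link from the input.
HTTPS_DELEGATE = '"wget" -q -O "%o" "https:%M"'
# Assumed allow-list for what may follow "https:" (host, optional port, path/query).
SAFE_LINK = re.compile(r"//[A-Za-z0-9.-]+(:\d+)?(/[A-Za-z0-9._~%/?&=+-]*)?")

def expand_delegate(template, output, link):
    """Plain text substitution into a string that is later handed to system()."""
    return template.replace("%o", output).replace("%M", link)

def unquoted_metachars(command):
    """Return (index, char) for characters a POSIX shell would still act on."""
    hits, quote, i = [], None, 0
    while i < len(command):
        c = command[i]
        if quote == "'":              # single quotes: everything is literal
            if c == "'":
                quote = None
        elif c == "\\":               # backslash escapes the next character
            i += 1
        elif quote == '"':            # double quotes: $ and ` stay active
            if c == '"':
                quote = None
            elif c in "$`":
                hits.append((i, c))
        elif c in "'\"":
            quote = c
        elif c in "|&;<>()$`\n":      # operators and substitutions outside quotes
            hits.append((i, c))
        i += 1
    return hits

def wget_argv(output, link):
    """Hardened form: validate the link, then build an argv list (no shell)."""
    if not SAFE_LINK.fullmatch(link):
        raise ValueError("link contains characters outside the allow-list")
    return ["wget", "-q", "-O", output, "https:" + link]

if __name__ == "__main__":
    # Constructed inputs: a plain link, and the value from the post.
    for link in ("//example.com/a.png", '//example.com" |ls "-la'):
        cmd = expand_delegate(HTTPS_DELEGATE, "out.png", link)
        print(cmd, "->", unquoted_metachars(cmd))
```

The list returned by `wget_argv` is meant for a process-spawning call that takes an argument vector, such as `subprocess.run(argv)` without `shell=True`, so the link stays a single argument whatever it contains.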
jainer Posted May 31, 2016

Re: Exploit ImageTragick in vBulletin using BurpSuite and Metasploit
lupa78 Posted July 21, 2016

Re: Exploit ImageTragick in vBulletin using BurpSuite and Metasploit

I want to learn; I don't care how long it takes.