Post Reply image-processing vulnerability
10580 cr points
Send Message: Send PM GB Post
Rabbit Horse
Online
Posted 5/4/16
so apparently there's now a vulnerability with ImageMagick, which is used by many sites to resize the uploaded images by the users. the attacker would disguise the malicious code as an image file, and the code would be executed. experts already made proof-of-concept exploit of this vulnerability.

[quote=Ars Technica]
recent versions of ImageMagick don't properly filter the uploaded file names before passing them to the server processes such as HTTPS. The ommission allows attackers to execute commands of their choosing, leading to a full remote command capability.


source: http://arstechnica.com/security/2016/05/easily-exploited-bug-exposes-huge-number-of-sites-to-code-execution-attacks/
16723 cr points
Send Message: Send PM GB Post
Hoosierville
Offline
Posted 5/4/16
Interesting. Hopefully they are running imagemagick as a user with low level permissions so they can't do much even with the exploit
You must be logged in to post.