Welcome to WebmasterWorld Guest from 107.23.176.162

Forum Moderators: phranque

Message Too Old, No Replies

ImageMagick Vulnerabilities Put Many Websites at Risk

     
10:57 am on May 4, 2016 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25900
votes: 871


It seems it took only 40-minites to create a working proof of concept exploit.

A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images.

The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users. ImageMagick Vulnerabilities Put Many Websites at Risk [arstechnica.com]
They haven't issued any patches, but they did suggest website administrators add several lines of code to configuration files to block at least some of the possible exploits.


Here's the link to the code to prevent these exploits.

[imagemagick.org...]