Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-29599 PoC — Imagemagick Studio ImageMagick 安全漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/ImageMagick%20PDF%E5%AF%86%E7%A0%81%E4%BD%8D%E7%BD%AE%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2020-29599.md
Associated Vulnerability
Title:Imagemagick Studio ImageMagick 安全漏洞 (CVE-2020-29599)
Description:Imagemagick Studio ImageMagick是美国ImageMagick Studio(Imagemagick Studio)公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 6.9.11-40版本和7.x版本和7.0.10-40之前版本存在安全漏洞,该漏洞源于错误地处理了-authenticate选项,该选项允许为受密码保护的PDF文件设置密码。用户控制的密码没有被正确地转义,因此有可能通过程序员的pdf.c注入额外的shell命令。
File Snapshot

 # ImageMagick PDF密码位置命令注入漏洞 CVE-2020-29599 

## 漏洞描述

ImageMagick是一款使用量很广的图片处理程序,很多厂商都调用了这个程序进行图片处理,

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.