CVE-2016-3714 PoC — ImageMagick 输入验证错误漏洞

Source

https://github.com/jpeanut/ImageTragick-CVE-2016-3714-RShell

Associated Vulnerability

Title:ImageMagick 输入验证错误漏洞 (CVE-2016-3714)
Description:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 6.9.3-10之前版本和7.0.1-1之前7.x版本存在输入验证错误漏洞，该漏洞源于程序没有充分过滤用户传入的shell字符。攻击者可通过上传恶意的图像利用该漏洞执行任意代码，获取敏感信息。

Readme

#ImageTragick-CVE-2016-3714-RShell
These are CVE-2016-3714 mvg/svg POCs using bash, nc, php and other tools to build a reverse shell.
#Declaration
For research and ethical hacking only...
#Usage
1. Server Side : nc -l - p [port number]
2. upload the pictures to vul sites

#Acknowledge
Thankd ding@virgoTeam for providing php reverseshell POC
#Reference
https://imagetragick.com/

                                                jpeanut@VirgoTeam

File Snapshot


 [4.0K]  /data/pocs/89ef51df13b6516d223bf1c34e04321ffe195c51
├── [4.0K]  bash
│   ├── [ 149]  bash.mvg
│   ├── [ 485]  bash.svg
│   ├── [ 479]  mv_bash.svg
│   └── [ 157]  mv_sh.mvg
├── [4.0K]  detector
│   ├── [ 125]  curl.mvg
│   ├── [ 149]  dns.mvg
│   ├── [ 127]  ping.mvg
│   ├── [ 137]  telnet.mvg
│   └── [ 125]  wget.mvg
├── [4.0K]  nc
│   ├── [ 142]  nc.mvg
│   └── [ 461]  nc.svg
├── [4.0K]  perl
│   └── [ 431]  perl.mvg
├── [4.0K]  php
│   └── [ 564]  php.svg
├── [4.0K]  python
│   └── [ 384]  python.mvg
└── [ 447]  README.md

6 directories, 15 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!