mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
4.6 KiB
4.6 KiB
CVE-2016-3714
Description
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
POC
Reference
- http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
- http://www.openwall.com/lists/oss-security/2016/05/03/13
- http://www.openwall.com/lists/oss-security/2016/05/03/18
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- https://imagetragick.com/
- https://www.exploit-db.com/exploits/39767/
- https://www.exploit-db.com/exploits/39791/
- https://www.imagemagick.org/script/changelog.php
- https://www.kb.cert.org/vuls/id/250519
Github
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Aukaii/notes
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Fa1c0n35/Web-CTF-Cheatshee
- https://github.com/GhostTroops/TOP
- https://github.com/HoangKien1020/PoC-Collection
- https://github.com/Hood3dRob1n/CVE-2016-3714
- https://github.com/ImageTragick/PoCs
- https://github.com/JERRY123S/all-poc
- https://github.com/JoshMorrison99/CVE-2016-3714
- https://github.com/LeCielBleu/SecurityDocs
- https://github.com/MR-lover/test
- https://github.com/MaaxGr/MaaxGr
- https://github.com/Macr0phag3/Exp-or-Poc
- https://github.com/Mealime/carrierwave
- https://github.com/MrrRaph/pandagik
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/RClueX/Hackerone-Reports
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SgtMate/container_escape_showcase
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/YgorAlberto/Ethical-Hacker
- https://github.com/YgorAlberto/ygoralberto.github.io
- https://github.com/ZTK-009/collection-document
- https://github.com/Zxser/Web-CTF-Cheatsheet
- https://github.com/artfreyr/wp-imagetragick
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/barrracud4/image-upload-exploits
- https://github.com/carrierwaveuploader/carrierwave
- https://github.com/chusiang/CVE-2016-3714.ansible.role
- https://github.com/cobwebkanamachi/ImageMagick-how2fix-jessie-
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dai5z/LBAS
- https://github.com/dazralsky/carrierwave
- https://github.com/duckstroms/Web-CTF-Cheatsheet
- https://github.com/eeenvik1/kvvuctf_26.04
- https://github.com/framgia/carrierwave
- https://github.com/gipi/cve-cemetery
- https://github.com/heckintosh/modified_uploadscanner
- https://github.com/hecticSubraz/Network-Security-and-Database-Vulnerabilities
- https://github.com/hktalent/TOP
- https://github.com/imhunterand/hackerone-publicy-disclosed
- https://github.com/jackdpeterson/imagick_secure_puppet
- https://github.com/jbmihoub/all-poc
- https://github.com/jpeanut/ImageTragick-CVE-2016-3714-RShell
- https://github.com/landlock-lsm/workshop-imagemagick
- https://github.com/libreops/librenet-ansible
- https://github.com/lnick2023/nicenice
- https://github.com/mengdaya/Web-CTF-Cheatsheet
- https://github.com/mmomtchev/magickwand.js
- https://github.com/modzero/mod0BurpUploadScanner
- https://github.com/mrhacker51/FileUploadScanner
- https://github.com/navervn/modified_uploadscanner
- https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document
- https://github.com/padok-team/dojo-kubernetes-security
- https://github.com/password520/collection-document
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/rebujacker/CVEPoCs
- https://github.com/shelld3v/RCE-python-oneliner-payload
- https://github.com/silentsignal/burp-image-size
- https://github.com/snyk-labs/container-breaking-in-goof
- https://github.com/stuffedmotion/mimemagic
- https://github.com/superfish9/pt
- https://github.com/tom0li/collection-document
- https://github.com/tommiionfire/CVE-2016-3714
- https://github.com/vulnbank/vulnbank
- https://github.com/w181496/Web-CTF-Cheatsheet
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456