Inside ImageTragick: The Real Payloads Being Used to Hack Websites
Multiple vulnerabilities were discovered in ImageMagick, an image manipulation software, leading to the exploitation of CVE-2016-3714 by hackers. This vulnerability allows arbitrary code execution by hiding it inside uploaded image files. Cloudflare rolled out a WAF rule to protect its customers from this vulnerability. The most common payloads used by hackers include reconnaissance and remote access payloads, which enable them to gain control of the targeted machine. It is crucial for users of ImageMagick to upgrade as quickly as possible to be fully protected against this vulnerability.
Company
Cloudflare
Date published
May 9, 2016
Author(s)
John Graham-Cumming
Word count
1210
Language
English
Hacker News points
14