Inside ImageTragick: The Real Payloads Being Used to Hack Websites

Multiple vulnerabilities were discovered in ImageMagick, an image manipulation software, leading to the exploitation of CVE-2016-3714 by hackers. This vulnerability allows arbitrary code execution by hiding it inside uploaded image files. Cloudflare rolled out a WAF rule to protect its customers from this vulnerability. The most common payloads used by hackers include reconnaissance and remote access payloads, which enable them to gain control of the targeted machine. It is crucial for users of ImageMagick to upgrade as quickly as possible to be fully protected against this vulnerability.