/plushcap/analysis/cloudflare/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2

Inside ImageTragick: The Real Payloads Being Used to Hack Websites

What's this blog post about?

Multiple vulnerabilities were discovered in ImageMagick, an image manipulation software, leading to the exploitation of CVE-2016-3714 by hackers. This vulnerability allows arbitrary code execution by hiding it inside uploaded image files. Cloudflare rolled out a WAF rule to protect its customers from this vulnerability. The most common payloads used by hackers include reconnaissance and remote access payloads, which enable them to gain control of the targeted machine. It is crucial for users of ImageMagick to upgrade as quickly as possible to be fully protected against this vulnerability.

Company
Cloudflare

Date published
May 9, 2016

Author(s)
John Graham-Cumming

Word count
1210

Language
English

Hacker News points
14


By Matt Makai. 2021-2024.