Jump to content

Falha de Segurança - ImageMagick


Revenge
 Share

Recommended Posts

Parece que esta falha de segurança está a ser uma festa. Apenas precisam de encontrar sites que permitam o upload de imagens(qualquer forum permite). Depois é só esperar que estejam a usar o ImageMagick ao invés do GD.

Quote

Hackers only need to find websites that allow users to upload photos

Because ImageMagick is at the base of many image processing libraries and modules, used across a large number of programming languages like Ruby, JavaScript, PHP, Java, and more, any website, running on any platform is vulnerable to this zero-day.

The only condition is that users are allowed to upload files to the server, and a large number of websites do via "user avatar" options.

The researchers declined to reveal any clues regarding the exploitation routine, but based on the mitigation advice, it involves magic bytes and ImageMagick coders.

Magic bytes are the first few bytes of a file used programmatically to identify the image type (GIF, JPEG, PNG, etc.). ImageMagick coders are ImageMagick modules that read and write data to specific image file types.

The researchers said that there's an RCE (Remote Code Execution) bug somewhere in there, that allows attackers to write code to the server. If an attacker is skilled enough, he can upload a malicious image, which uses the zero-day to write a webshell to disk and uses it to take over control of the entire server.

 

Link to comment
Share on other sites

35 minutes ago, cRaZyzMaN said:

tanto site que nunca faz updates e vai continuar com a falha

isto vem a public, imagino o que se andou a fazer antes

Pouca gente tinha acesso ao exploit antes de ter sido tornado publico. Mas alguns servidores devem ter sido hackados, sem duvida alguma.

Agora praticamente toda a gente que ande nessa vida, vai ter acesso ao exploit e certamente os script kiddies vão começar a hackar servidores a torto e a direito. Basta procurar no Google, por Wordpress, Invision, Xenforo, vBulletin etc etc, e depois é só tentar. A maioria deve cair lol

A Invision já informou que está a analisar este assunto internamente e eu sugeri que se a Suite detectar a versão 6.9.3.9 ou inferior, forçar o uso do GD. Se detectar a versão 6.9.3.10(saiu hoje), meter o ImageMagick por defeito com a possibilidade de trocar para GD. Ia ajudar a mitigar este problema.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.