github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00
Code Releases Activity

Update vulnerable versions to include 6.x (legacy)

Browse Source
This commit is contained in:
William Vu 2016-05-05 02:25:12 -05:00
parent 334c432901
commit 1bc2ec9c11
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/exploits/unix/fileformat/imagemagick_delegate.rb
View File

@ -14,7 +14,8 @@ class MetasploitModule < Msf::Exploit
'Name' => 'ImageMagick Delegate Arbitrary Command Execution',
'Description' => %q{
This module exploits a shell command injection in the way "delegates"
(commands for converting files) are processed in ImageMagick <= 7.0.1-0.
(commands for converting files) are processed in ImageMagick versions
<= 7.0.1-0 and <= 6.9.3-9 (legacy).
Since ImageMagick uses file magic to detect file format, you can create
a .png (for example) which is actually a crafted SVG (for example) that