infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update vulnerable versions to include 6.x (legacy)

bug/bundler_fix
William Vu 2016-05-05 02:25:12 -05:00
parent 334c432901
commit 1bc2ec9c11
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/exploits/unix/fileformat/imagemagick_delegate.rb
View File

@ -14,7 +14,8 @@ class MetasploitModule < Msf::Exploit
'Name' => 'ImageMagick Delegate Arbitrary Command Execution',
'Description' => %q{
This module exploits a shell command injection in the way "delegates"
(commands for converting files) are processed in ImageMagick <= 7.0.1-0.
(commands for converting files) are processed in ImageMagick versions
<= 7.0.1-0 and <= 6.9.3-9 (legacy).
Since ImageMagick uses file magic to detect file format, you can create
a .png (for example) which is actually a crafted SVG (for example) that