CVE-2016-3714

This repository contains a functional exploit for CVE-2016-3714, an ImageMagick code execution vulnerability. It includes a payload builder (`imagick_builder.py`) and a PHP-based web shell (`imagick_bypass_shell.php`) designed to bypass disabled functions via the PHP Imagick extension.

This repository provides proof-of-concept exploits for CVE-2016-3714 (ImageTragick), leveraging MVG/SVG file formats to execute arbitrary code and establish a reverse shell. The PoC uses tools like bash, netcat, and PHP to demonstrate remote code execution (RCE) via maliciously crafted image files.

This repository contains an Ansible role designed to test and mitigate CVE-2016-3714, an ImageMagick command injection vulnerability. It includes tasks to exploit the vulnerability by creating a malicious image file and attempting to execute arbitrary commands, then verifies if the system is patched by checking for the presence of an injected file.

This repository contains a functional exploit for CVE-2016-3714, an ImageMagick code execution vulnerability. It includes a payload builder (`imagick_builder.py`) and a PHP-based web shell (`imagick_bypass_shell.php`) designed to bypass disabled functions via the PHP Imagick extension.

This repository contains a Puppet module that exploits CVE-2016-3714 by modifying the ImageMagick policy.xml file to bypass security restrictions. The exploit is executed via Puppet apply and is designed to work on Ubuntu 14.04 systems.

This PoC exploits CVE-2016-3714 (ImageTragick) by crafting a malicious MVG file that executes arbitrary commands via ImageMagick's 'convert' utility. The script demonstrates command injection by creating a file '/tmp/ImageTragick'.

This Metasploit module exploits a shell command injection vulnerability in ImageMagick by crafting malicious SVG, MVG, or MIFF files that execute arbitrary commands when processed. The exploit leverages file magic to mislead ImageMagick into executing embedded payloads.

This exploit demonstrates multiple vulnerabilities in ImageMagick, including remote code execution (RCE) via command injection in delegate commands, SSRF, file deletion, file moving, and local file read. The PoC leverages insufficient filtering in the 'delegate' feature and pseudo-protocols like 'ephemeral' and 'msl'.