This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Both the Netsparker Desktop and Netsparker Enterprise web application security scanners have been updated and can automatically check if a target web application or web service is vulnerable to the Remote Code Execution via file upload in ImageMagick.
What is ImageTragick?
Another day and another popularized vulnerability, or rather a collection of vulnerabilities. ImageTragick is a collection of vulnerabilities in a popular software suite called ImageMagick, which is used to resize, flip, mirror and do other image manipulation work.
Remote Code Execution in ImageTragick
One of the vulnerabilities has a direct impact and can lead to remote code execution. In other words, an attacker can upload an image tampered with malicious code, and once the vulnerability is exploited, the attacker can execute code remotely. For more detailed information on ImageTragick, refer to the vulnerability's website.
Scan Your Websites with Netsparker Web Application Security Scanners
ImageMagick is a very popular library and is used by many web services, WordPress plugins and also by non-PHP web applications. Scan all your web applications and web services with Netsparker to find out if they are vulnerable.
If you have a large number of websites, you can use Netsparker Enterprise, which can easily scale up and scan hundreds or thousands of websites for security flaws within just a few hours.