Are Your Web Applications Vulnerable to ImageTragick? Scan Them with Netsparker

Both the desktop edition and the online edition of the Netsparker web application security scanner have been updated and can automatically detect the remote code execution via file upload vulnerability in ImageMagick, which has been dubbed ImageTragick.

Both the Netsparker Desktop and Netsparker Enterprise web application security scanners have been updated and can automatically check whether a target web application or web service is vulnerable to remote code execution via file upload in ImageMagick.

What is ImageTragick?

Another day and another popularized vulnerability, or better, a collection of vulnerabilities. ImageTragick is a collection of vulnerabilities in a popular software suite called ImageMagick, which is used to resize, flip, mirror and otherwise manipulate images.

Remote Code Execution in ImageTragick

One of the vulnerabilities has a direct impact: it can lead to remote code execution. In other words, an attacker can upload an image that has been tampered with to include malicious code, and once the vulnerability is exploited the attacker can execute code remotely. For more detailed information on ImageTragick, refer to the vulnerability's website.

Scan Your Websites with Netsparker Web Application Security Scanners

ImageMagick is a very popular library and is used by many web services, WordPress plugins and other non-PHP web applications. Scan all your web applications and web services with Netsparker to find out if they are vulnerable.

If you have a large number of websites, you can use Netsparker Enterprise, which can easily scale up and scan hundreds and thousands of websites for security flaws within just a few hours.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.