Commit

Changed ImageMagick vulnerable machine to regular file upload
Gets image as input (png,jpg,gif) & runs vulnerable imagemagick
in order to create thumbnail of image (100x100).

Allows verifying that a valid image was uploaded
by checking the image size.
themadhatter37 committed Mar 8, 2018
1 parent 37138d9 commit 1395402
Showing 8 changed files with 61 additions and 484 deletions.
14 changes: 8 additions & 6 deletions i/imagemagick/1/Dockerfile
@@ -1,4 +1,4 @@
FROM medicean/vulapps:base_lamp
FROM madhatter37/vulnerable_apps:base_lamp_1.0.0

COPY src/ImageMagick-6.7.9-10.tar.gz /tmp/ImageMagick-6.7.9-10.tar.gz
COPY src/imagick-3.3.0.tar.gz /tmp/imagick-3.3.0.tar.gz
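Review bot: The FROM line now pulls madhatter37/vulnerable_apps:base_lamp_1.0.0 instead of medicean/vulapps:base_lamp, and the commit message does not mention the base image change. Say in the message why the base moved and what differs in it, and consider referencing the image by digest (an @sha256 reference) in addition to the tag, so the lab keeps building on the same LAMP base even if the tag is pushed again.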
Expand All @@ -12,11 +12,13 @@ RUN set -x \
&& tar -zxf /tmp/imagick-3.3.0.tar.gz -C /var/www/ \
&& tar -zxf /tmp/re2c-0.13.7.5.tar.gz -C /var/www/

COPY src/phpinfo.php /var/www/html/phpinfo.php
COPY src/testimag.php /var/www/html/testimag.php
COPY src/poc.php /var/www/html/poc.php
RUN mkdir /var/www/html/file_upload
RUN mkdir /var/www/html/file_upload/form
RUN mkdir /var/www/html/uploads
COPY src/index.php /var/www/html/index.php
COPY src/poc.png /poc.png
COPY src/poc.php /var/www/html/file_upload/poc.php
COPY src/upload.php /var/www/html/file_upload/form/upload.php
COPY src/default.png /var/www/html/uploads/default.png

RUN set -x \
&& chown -R www-data:www-data /var/www/html/ \
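Review bot: /var/www/html/uploads is created inside the document root and falls under the chown -R www-data:www-data /var/www/html/ that follows, so whatever upload.php stores there is writable by the web server and served directly from it. If the lab is meant to be exploitable only through the ImageMagick thumbnail step, confirm that upload.php enforces the png/jpg/gif restriction before writing, or keep the upload directory outside the document root; otherwise document the directory as part of the intended exercise. As a style point, the three RUN mkdir lines can be a single RUN mkdir -p /var/www/html/file_upload/form /var/www/html/uploads, which saves two image layers.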
Expand Down Expand Up @@ -55,4 +57,4 @@ COPY src/start.sh /start.sh
RUN chmod a+x /start.sh

EXPOSE 80
CMD ["/start.sh"]
CMD ["/start.sh"]
Binary file added i/imagemagick/1/src/default.png