A server hosting dozens of popular file converter sites has been hacked | ZDNet
▻http://www.zdnet.com/article/dozens-of-online-file-converter-sites-are-unsafe-to-use-warns-researcher
On the danger of doing transcoding on an external server: you have no real control over what is sent back to you.
The server was vulnerable to a year-old set of bugs found in the ImageMagick library, a popular tool used to convert images. The bugs, known collectively as “ImageTragick,” are extremely easy to exploit — in one case, as simple as uploading an image file containing four lines of code to the server. The bug is so serious that Facebook paid a record bug bounty to a researcher who found that the social network was vulnerable, and Yahoo stopped using the software altogether. Countless servers and websites remain unpatched to this day.
As soon as the image is uploaded, the code runs, opening up a bind shell on the server, which listens for commands or code from an attacker’s server.
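The two mitigations imagetragick.com recommends are to check the magic bytes of every upload before ImageMagick ever sees it (ImageMagick picks a coder from the content, not the extension, so a text payload renamed to .jpg is still parsed as MVG or MSL) and to disable the risky coders in policy.xml. The block below is an added example, not code from the ZDNet article or from the ImageTragick researchers; it assumes a Python upload handler that can inspect the raw bytes and the deployed policy.xml, and the sample inputs (a JPEG header, a benign MVG text file, two policy files) are constructed here.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional

# Magic-byte prefixes for the raster formats a converter would normally accept.
# Anything else, including ImageMagick's text-based MVG/MSL formats, is rejected.
MAGIC_PREFIXES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Coders that imagetragick.com recommends setting to rights="none" in policy.xml.
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT")


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the format implied by the file's leading bytes, or None if unknown."""
    for fmt, prefixes in MAGIC_PREFIXES.items():
        if data.startswith(prefixes):  # bytes.startswith accepts a tuple of prefixes
            return fmt
    return None


def should_pass_to_imagemagick(data: bytes, declared_ext: str) -> bool:
    """Accept an upload only if its magic bytes match the extension the client claims.

    This is the content check imagetragick.com recommends: a file called photo.jpg
    whose bytes are 'push graphic-context ...' is not a JPEG and must never reach
    the converter, whatever the extension says.
    """
    ext = declared_ext.lower().lstrip(".")
    if ext == "jpg":
        ext = "jpeg"
    return ext in MAGIC_PREFIXES and sniff_image_type(data) == ext


def coders_not_disabled(policy_xml: str) -> List[str]:
    """Return the risky coders that a policy.xml does NOT disable.

    Simplified audit: it looks for <policy domain="coder" rights="none" pattern="X"/>
    entries with an exact coder name; it does not evaluate glob patterns the way
    ImageMagick does.
    """
    root = ET.fromstring(policy_xml)
    disabled = {
        p.get("pattern", "").upper()
        for p in root.iter("policy")
        if p.get("domain") == "coder" and p.get("rights") == "none"
    }
    return [c for c in RISKY_CODERS if c not in disabled]


# Constructed samples (not from the article).
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
# A harmless MVG drawing, uploaded under a .jpg name: text, not a raster image.
DISGUISED_MVG = b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n"
WEAK_POLICY = '<policymap><policy domain="coder" rights="none" pattern="URL"/></policymap>'
HARDENED_POLICY = (
    "<policymap>"
    + "".join(f'<policy domain="coder" rights="none" pattern="{c}"/>' for c in RISKY_CODERS)
    + "</policymap>"
)

if __name__ == "__main__":
    print(should_pass_to_imagemagick(REAL_JPEG, "jpg"))      # True
    print(should_pass_to_imagemagick(DISGUISED_MVG, "jpg"))  # False
    print(coders_not_disabled(WEAK_POLICY))                  # everything except URL
    print(coders_not_disabled(HARDENED_POLICY))              # []
```

The policy check is worth running against the policy.xml actually loaded by the ImageMagick build in use (`identify -list policy` shows it), since distributions ship different defaults and a patched library with a permissive policy still accepts the text coders.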
See also ImageTragick ►https://imagetragick.com