CVE-2021-33564 Argument Injection in Ruby Dragonfly
This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
In this challenge, we explore the argument injection vulnerability CVE-2021-33564 discovered by ZX Security in Ruby Dragonfly. Dragonfly allows users to fetch images in different formats by leveraging ImageMagick. The ZX team found that it is possible to inject extra arguments into the command used to fetch images, enabling attackers to access local files and potentially other sensitive information.
Your objective in this lab is to exploit this argument injection vulnerability to read the file /myapp/key.txt
. By understanding how to manipulate the command arguments, you will gain insights into the potential risks and ways to mitigate such vulnerabilities in web applications.