gchan/imagetragick-rails

ImageTragick Rails (gordonchan/imagetragick-rails)

A sample Rails application to demonstrate the ImageTragick vulnerabilities as part of a talk I gave at WellRailed on 26 May 2016.

Slides: https://speakerdeck.com/gchan/imagetragick-and-rails

Available as a Docker image gordonchan/imagetragick-rails.

Quick start (Docker)

To start an instance of the application in a Docker container:

$ docker-compose up

Alternatively:

$ docker run --rm -p 3131:3000 --name imagetragick -e SECRET_KEY_BASE=d41c2ab288fdefcd779ca19a1fa2dec39f21f945ad8c44770c4e4731c090e3e34643b9eb012c80739fc362cb44a44296b1e1d145eb76880f0e2cfc4ee4e301a1 gordonchan/imagetragick-rails

The application is accessible through port 3131 on the Docker host IP. The default IP is 192.168.99.100, but you can find yours by running docker-machine ip.

License

imagetragick-rails is Copyright (c) 2016 Gordon Chan and is released under the MIT License. It is free software, and may be redistributed under the terms specified in the LICENSE file.
