This talk looks at the details of ImageTragick, how Ruby on Rails applications may be affected, and steps to mitigate the problem. A live demonstration of the vulnerability was performed on a Rails application as part of the original presentation at WellRailed.
ImageTragick is the name given to a set of security vulnerabilities in the ImageMagick image processing library, publicly disclosed in May 2016. The most serious of them, CVE-2016-3714, allowed an attacker to run arbitrary commands on the server: ImageMagick passed parts of a file being processed to external "delegate" programs through a shell without adequately filtering shell metacharacters, so uploading a crafted image to a web application that resized or converted uploads with ImageMagick was enough to gain remote code execution.
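The disclosure recommended two mitigations that apply directly to a Rails upload pipeline: check that an uploaded file begins with the magic bytes of a format you actually accept before ImageMagick ever sees it, and ship a policy.xml that disables the text-based coders (MVG, MSL, EPHEMERAL, URL, HTTPS and similar). The following Ruby is an added example of the first of these; it is not code from the talk or from the imagetragick-rails repository. The format table, the UnsupportedImage error and the resize_command wrapper are assumptions for illustration, and the sample inputs are constructed inline. The wrapper also forces ImageMagick's coder with an explicit format prefix (png:, jpeg:, gif:) so the library does not choose a coder by sniffing the file contents.

```ruby
# Added example (not from the talk or the imagetragick-rails repo): reject uploads whose
# leading bytes do not match a known raster image format before handing the file to
# ImageMagick, so a text-based coder such as MVG cannot be reached by renaming a file.
require "tempfile"

# Magic bytes for the formats this (hypothetical) application accepts.
IMAGE_MAGIC = {
  "png"  => "\x89PNG\r\n\x1a\n".b,
  "jpeg" => "\xFF\xD8\xFF".b,
  "gif"  => "GIF8".b, # covers both GIF87a and GIF89a
}.freeze

# Returns the detected format name ("png", "jpeg", "gif") or nil for anything else.
# Only the leading bytes are compared, so a text file such as MVG yields nil.
def detect_image_format(bytes)
  head = bytes.b
  IMAGE_MAGIC.each do |name, magic|
    return name if head.start_with?(magic)
  end
  nil
end

# Reads just enough of the file to check the magic bytes.
def detect_image_format_from_path(path)
  File.open(path, "rb") { |f| detect_image_format(f.read(8) || "") }
end

class UnsupportedImage < StandardError; end

# Hypothetical wrapper around a resize step. It raises unless the header matches an
# allowed format and builds an argv array (no shell) with an explicit coder prefix,
# so ImageMagick uses the coder we name rather than the one it would sniff.
def resize_command(path, width:, height:)
  fmt = detect_image_format_from_path(path) or
    raise UnsupportedImage, "upload is not a PNG, JPEG or GIF"
  geometry = "#{Integer(width)}x#{Integer(height)}"
  ["convert", "#{fmt}:#{path}", "-resize", geometry, "#{fmt}:#{path}.resized"]
end

# Constructed sample inputs: a minimal PNG header and an MVG-style text file that an
# attacker could upload under an image filename. Neither is a real exploit payload.
SAMPLE_PNG_HEAD = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR".b
SAMPLE_MVG_TEXT = "push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n".b

def demo
  Tempfile.create(["upload", ".png"]) do |f|
    f.binmode
    f.write(SAMPLE_MVG_TEXT) # renamed to .png, but the bytes are not PNG
    f.flush
    begin
      resize_command(f.path, width: 100, height: 100)
      "accepted"
    rescue UnsupportedImage => e
      "rejected: #{e.message}"
    end
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```

Run the file directly to see the MVG-as-PNG upload rejected before any ImageMagick process is started. The check complements, rather than replaces, the policy.xml mitigation: the magic-byte test keeps unexpected coders out of the upload path, while the policy file limits what ImageMagick will do even if some other code path reaches it.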
Presented at WellRailed on 26 May 2016 — https://www.meetup.com/wellrailed/events/231113047
Sample vulnerable Rails application and Docker image — https://github.com/gchan/imagetragick-rails
Blog post — https://blog.devgordon.com/imagetragick-and-rails/