Skip to content

A sample Rails application (and Docker image) to demonstrate the ImageTragick vulnerabilities

License

Notifications You must be signed in to change notification settings

gchan/imagetragick-rails

Repository files navigation

ImageTragick Rails (gordonchan/imagetragick-rails)

A sample Rails application to demonstrate the ImageTragick vulnerabilities as part of talk I gave at WellRailed on 26 May 2016.

Slides: https://speakerdeck.com/gchan/imagetragick-and-rails

Available as a Docker image gordonchan/imagetragick-rails.

Quick start (Docker)

To start an instance of the application in a Docker container:

$ docker-compose up

Alternatively:

$ docker run --rm -p 3131:3000 --name imagetragick -e SECRET_KEY_BASE=d41c2ab288fdefcd779ca19a1fa2dec39f21f945ad8c44770c4e4731c090e3e34643b9eb012c80739fc362cb44a44296b1e1d145eb76880f0e2cfc4ee4e301a1 gordonchan/imagetragick-rails

The application is accessible through port 3131 on the Docker host IP. The default IP is 192.168.99.100 but you can find yours by using docker-machine ip

License

imagetragick-rails is Copyright (c) 2016 Gordon Chan and is released under the MIT License. It is free software, and may be redistributed under the terms specified in the LICENSE file.

Analytics

About

A sample Rails application (and Docker image) to demonstrate the ImageTragick vulnerabilities

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published