PoC Released for Ghostscript Flaw Exposing Dropbox, Airbnb

Hackers have demonstrated a current vulnerability in Ghostscript, a popular server-side image conversion software package, and have released proof-of-concept code to the public, according to The Daily Swig.

Emil Lerner, a security researcher from Saint Petersburg, Russia, disclosed an unpatched vulnerability in Ghostscript version 9.50 at the ZeroNights X conference in Saint Petersburg. The discovery was demonstrated using ImageMagick, a free and open-source software package for file conversion that is available on a variety of systems (including Ubuntu).

In his talk, Lerner described how he exploited his findings to gain access to the systems of Airbnb, Dropbox, and Yandex. A real estate app that earns several bug bounties while simultaneously attempting to assist you in finding better houses is available.

Several different approaches were used. For example, the Airbnb hack used server-side request forgery (SSRF) to collect AWS metadata from a memory dump. Remote code execution (RCE) was possible only in the Dropbox case, and there only with the privileges of an ordinary user, so it was not considered particularly harmful.

The vulnerability was exploited further by getting Python to import the attacker's script when an error was thrown, which increased the scope of the attack. The most recent exploit uses SVG (scalable vector graphics) to download an EPI file, into which an attacker can insert arbitrary commands using Ghostscript, which is a scripting language.

Over the weekend, a working Python script that exploits the Ghostscript vulnerability through ImageMagick was published on GitHub.
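For defenders, the path described above only works if ImageMagick is allowed to read EPI and related PostScript-family formats. The following is an added example, not code from the article or from the researcher's PoC: it audits an ImageMagick `policy.xml` and lists the Ghostscript-backed coders that are still readable. The coder list, the sample policies and the "last matching entry wins" simplification are assumptions.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Assumption: non-exhaustive list of ImageMagick coders handed to Ghostscript.
GS_CODERS = ["EPI", "EPS", "EPSF", "EPSI", "PS", "PDF"]

# Constructed sample policies (not taken from any real distribution).
WEAK_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
</policymap>"""
HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="{EPI,EPS,EPSF,EPSI,PS,PDF}" />
</policymap>"""

def expand_braces(pattern):
    """Expand {A,B,C} alternation as used in policy patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt.strip() + tail))
    return out

def readable_coders(policy_xml, coders=GS_CODERS):
    """Return the coders that the policy still allows ImageMagick to read."""
    allowed = {c: True for c in coders}  # with no matching policy, reading is allowed
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        rights = {r.strip().lower() for r in pol.get("rights", "").split("|")}
        can_read = bool(rights & {"read", "all"})
        for pat in expand_braces(pol.get("pattern", "")):
            for c in coders:
                if fnmatch.fnmatchcase(c, pat):
                    allowed[c] = can_read  # assumption: later entries override earlier
    return [c for c in coders if allowed[c]]

if __name__ == "__main__":
    print("weak policy leaves readable:", readable_coders(WEAK_POLICY))
    print("hardened policy leaves readable:", readable_coders(HARDENED_POLICY))
```

A policy that blocks only the obvious names (PS, EPS, PDF) still leaves aliases such as EPI readable, which is the gap the audit is meant to surface.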

Following Lerner's submission of the proof-of-concept script, The Daily Swig sought comment from the hacker, Lerner, as well as from the creators and marketers of the Ghostscript software. This article will be updated as new information becomes available.

Ghostscript version 9.54, released in March 2021, is the most recent version available. The research shows that a large number of websites are vulnerable to attack because they are still running outdated software.