Last pushed: 2 years ago
Short Description
A sample Ruby on Rails application to demonstrate ImageTragick vulnerabilities
Full Description

ImageTragick Rails (gordonchan/imagetragick-rails)

A sample Rails application to demonstrate the ImageTragick vulnerabilities as part of a talk I gave at WellRailed on 26 May 2016.


Available as a Docker image gordonchan/imagetragick-rails.

Quick start (Docker)

To start an instance of the application in a Docker container:

$ docker-compose up


$ docker run --rm -p 3131:3000 --name imagetragick -e SECRET_KEY_BASE=d41c2ab288fdefcd779ca19a1fa2dec39f21f945ad8c44770c4e4731c090e3e34643b9eb012c80739fc362cb44a44296b1e1d145eb76880f0e2cfc4ee4e301a1 gordonchan/imagetragick-rails

The application is accessible through port 3131 on the Docker host IP. The default IP is but you can find yours by using docker-machine ip


imagetragick-rails is Copyright (c) 2016 Gordon Chan and is released under the MIT License. It is free software, and may be redistributed under the terms specified in the LICENSE file.
