# N/A
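## Vulnerability Overview
ImageMagick 7.1.0-49 is vulnerable to information disclosure. When it parses a PNG image (for example, during a resize), the resulting image may have the contents of an arbitrary file embedded in it (if the `magick` binary has permission to read that file).
## Affected Versions
ImageMagick 7.1.0-49
## Vulnerability Details
When ImageMagick parses a PNG image, if the `magick` binary has permission to read an arbitrary file, the contents of that file may be embedded in the generated image.
## Impact
An attacker can exploit this vulnerability to obtain the contents of arbitrary files on the system by having a specially crafted PNG image parsed. This can lead to disclosure of sensitive information.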
# | POC description | Source link | Shenlong link |
---|---|---|---|
1 | CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator | https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC | POC details |
2 | The vulnerable recurrence docker environment for CVE-2022-44268 | https://github.com/y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment | POC details |
3 | Payload generator and extractor for CVE-2022-44268 written in Python. | https://github.com/agathanon/cve-2022-44268 | POC details |
4 | Detect images that likely exploit CVE-2022-44268 | https://github.com/jnschaeffer/cve-2022-44268-detector | POC details |
5 | An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image in ImageMagick. | https://github.com/Ashifcoder/CVE-2022-44268-automated-poc | POC details |
6 | CVE-2022-44268 PoC | https://github.com/Baikuya/CVE-2022-44268-PoC | POC details |
7 | A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read | https://github.com/voidz0r/CVE-2022-44268 | POC details |
8 | ImageMagick LFI PoC [CVE-2022-44268] | https://github.com/Sybil-Scan/imagemagick-lfi-poc | POC details |
9 | Imagemagick CVE-2022-44268 | https://github.com/Vulnmachines/imagemagick-CVE-2022-44268 | POC details |
10 | CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit | https://github.com/kljunowsky/CVE-2022-44268 | POC details |
11 | None | https://github.com/nfm/heroku-CVE-2022-44268-reproduction | POC details |
12 | None | https://github.com/betillogalvanfbc/POC-CVE-2022-44268 | POC details |
13 | Tools for working with ImageMagick to handle arbitrary file read vulnerabilities. Generate, read, and apply profile information to PNG files using a command-line interface. | https://github.com/adhikara13/CVE-2022-44268-MagiLeak | POC details |
14 | Exploit for CVE-2022-44268 | https://github.com/bhavikmalhotra/CVE-2022-44268-Exploit | POC details |
15 | PoC of Imagemagick's Arbitrary File Read | https://github.com/entr0pie/CVE-2022-44268 | POC details |
16 | None | https://github.com/Pog-Frog/cve-2022-44268 | POC details |
17 | Automating Exploitation of CVE-2022-44268 ImageMagick Arbitrary File Read | https://github.com/narekkay/auto-cve-2022-44268.sh | POC details |
18 | ImageMagick Arbitrary Read Files - CVE-2022-44268 | https://github.com/fanbyprinciple/ImageMagick-lfi-poc | POC details |
19 | CVE-2022-44268_By_Kyokito | https://github.com/chairat095/CVE-2022-44268_By_Kyokito | POC details |
20 | A bash script for easily exploiting ImageMagick Arbitrary File Read Vulnerability CVE-2022-44268 | https://github.com/atici/Exploit-for-ImageMagick-CVE-2022-44268 | POC details |
21 | None | https://github.com/Vagebondcur/IMAGE-MAGICK-CVE-2022-44268 | POC details |
22 | None | https://github.com/NataliSemi/-CVE-2022-44268 | POC details |
23 | None | https://github.com/CygnusX-26/CVE-2022-44268-fixed-PoC | POC details |
24 | None | https://github.com/PanAdamski/CVE-2022-44268-automated | POC details |
25 | ImageMagick 7.1.0-49 vulnerable to Information Disclosure | https://github.com/FlojBoj/CVE-2022-44268 | POC details |
26 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/ImageMagick%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2022-44268.md | POC details |
27 |  | https://github.com/vulhub/vulhub/blob/master/imagemagick/CVE-2022-44268/README.md | POC details |
28 | None | https://github.com/katseyres2/CVE-2022-44268-pilgrimage | POC details |
29 | An exploit automation script that builds upon the work of Voidzone security. | https://github.com/J0ey17/Automate_Exploit_CVE-2022-44268 | POC details |
30 | None | https://github.com/jkobierczynski/cve-2022-44268 | POC details |
31 | None | https://github.com/mouftan/CVE-2022-44268 | POC details |