CVE-2022-44268 PoC — ImageMagick Security Vulnerability

Source
Associated Vulnerability
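Title: ImageMagick Security Vulnerability (CVE-2022-44268)
Description: ImageMagick is an open-source image processing suite from the US company ImageMagick. The software can read, convert, or write images in many formats. ImageMagick version 7.1.0-49 contains an information disclosure vulnerability: when it parses a PNG image, the resulting image may embed arbitrary file contents.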
Readme
# CVE-2022-44268 Arbitrary File Read PoC - PNG generator
This is a proof of concept for the ImageMagick bug described at https://www.metabaseq.com/imagemagick-zero-days/  
This is an automated tool for the Pilgrimage HackTheBox challenge.  
This is a fork of https://git.rotfl.io/v/CVE-2022-44268.  
Tested on ImageMagick v. 7.1.0-48 and 6.9.11-60  

## How to use

### Clone the project
`git clone https://github.com/katseyres2/CVE-2022-44268-pilgrimage`

### Run the project
`bash main.sh /etc/passwd`
File Snapshot

[4.0K] /data/pocs/0a3972cbd2c372d61d5860172c713fece3412db7
├── [1.9K] Cargo.lock
├── [ 212] Cargo.toml
├── [1.6K] image.png
├── [  60] main.sh
├── [ 502] README.md
├── [4.0K] screens
│   ├── [ 68K] 01_generating.png
│   ├── [ 95K] 02_resized_image.png
│   ├── [198K] 03_hex.png
│   └── [638K] 04_result.png
├── [1.6K] script.py
└── [4.0K] src
    └── [ 896] main.rs

2 directories, 11 files