
CVE-2022-44268 PoC — ImageMagick Security Vulnerability

Source
Associated Vulnerability
Title: ImageMagick Security Vulnerability (CVE-2022-44268)
Description: ImageMagick is an open-source image-processing suite from the US company ImageMagick. The software can read, convert and write images in many formats. ImageMagick 7.1.0-49 contains a security vulnerability: an information-disclosure flaw whereby the image it generates while parsing a PNG image can embed arbitrary file contents.
Description
An exploit automation script that builds upon the work of VoidZone Security.
Readme
# CVE-2022-44268 Automation Script - Quick Guide

## Credits
- Original Exploit: VoidZone Security (https://git.rotfl.io/v/CVE-2022-44268.git)
- This Python script automates their PoC for file exfiltration.

## Description
This script automates the exploitation of CVE-2022-44268 (ImageMagick file disclosure).
1. Takes a target file path (e.g., /etc/passwd) as a command-line argument.
2. Calls the VoidZone Security Rust PoC to generate a malicious PNG (`image.png`).
3. Uploads this PNG to the target web application.
4. Retrieves the processed image from the application.
5. Uses `exiftool` to extract and print the exfiltrated file content.
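Steps 3 to 5 only work because the application hands the uploaded PNG to ImageMagick with its text metadata intact: the disclosure is driven by PNG textual metadata chunks. As an added defensive example (not part of the VoidZone PoC or of this script), the following Python upload filter parses the PNG chunk stream, verifies every CRC, and drops the tEXt, zTXt and iTXt chunks before the file reaches ImageMagick; the sample PNG is constructed inline, and upgrading to a patched ImageMagick release remains the actual fix.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}  # PNG textual metadata chunk types

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one chunk: length, type, payload, CRC-32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def iter_chunks(data: bytes):
    """Yield (type, payload) for each chunk up to IEND, rejecting bad CRCs."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if _chunk(ctype, body)[-4:] != crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            return
    raise ValueError("missing IEND chunk")

def strip_text_chunks(data: bytes):
    """Return (sanitised PNG, keywords of the dropped text chunks) for logging."""
    out = bytearray(PNG_SIG)
    dropped = []
    for ctype, body in iter_chunks(data):
        if ctype in TEXT_CHUNKS:
            # The keyword precedes the first NUL byte in tEXt/zTXt/iTXt payloads.
            dropped.append(body.split(b"\x00", 1)[0].decode("latin-1", "replace"))
            continue
        out += _chunk(ctype, body)
    return bytes(out), dropped

# Constructed sample input: a 1x1 grayscale PNG carrying one harmless tEXt chunk.
SAMPLE_PNG = (PNG_SIG
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"tEXt", b"Comment\x00constructed sample")
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _chunk(b"IEND", b""))
```

Call `strip_text_chunks()` on the raw upload bytes before they are passed to ImageMagick, and log the returned keywords so that unexpected metadata in uploads is visible to detection.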

## Prerequisites
- Python 3.x
- Python `requests` library: `pip install requests`
- VoidZone's CVE-2022-44268 PoC:
    - Cloned from `https://git.rotfl.io/v/CVE-2022-44268.git`
    - Built with `cargo build` in its directory.
- `exiftool` command-line tool.
- `wget` command-line tool.

## Setup
1. Clone VoidZone's exploit: `git clone https://git.rotfl.io/v/CVE-2022-44268.git`
2. Navigate into the directory: `cd CVE-2022-44268`
3. Build the Rust PoC: `cargo build`
4. Place this Python script (e.g., `automate_exploit.py`) INSIDE the `CVE-2022-44268` directory.

## Script Configuration (IMPORTANT!)
You MUST edit the Python script (`automate_exploit.py`) for your target. Key variables to change:

1.  `payload`: Path to the malicious `image.png` generated by the Rust PoC.
    * Default in script: `"/home/kali/usr/htb/pilgrimage/CVE-2022-44268/image.png"`
    * **RECOMMENDED CHANGE**: `"image.png"` (since the script runs where `image.png` is created).

2.  `url`: The target URL for image upload.
    * Default: `"http://pilgrimage.htb"`
    * **CHANGE THIS** to your target's URL (e.g., `"http://vulnerable-site.com/upload"`).

3.  `proxies` (optional): For routing traffic (e.g., through Burp Suite).
    * Default: `{'http': 'http://127.0.0.1:8080'}`
    * **MODIFY, REMOVE, OR SET TO `None`** if not needed.

4.  `Host` header (inside the `headers` dictionary): Should match the hostname in your `url`.
    * Default: `'Host': 'pilgrimage.htb'`
    * **CHANGE THIS** to your target's hostname.

## Usage
Ensure you are in the `CVE-2022-44268` directory (where `automate_exploit.py` and the Rust PoC are).
Run the script, providing the target file path to exfiltrate as an argument:

```bash
python3 automate_exploit.py "/etc/passwd"
```
File Snapshot

```
[4.0K] /data/pocs/824ef167ecf90a350bc4da6107be89ecc54e63da
├── [2.3K] exploit.py
└── [2.3K] README.md

0 directories, 2 files
```