POC详情: 83feff0855629817d4b947fd0f8221443358538f

来源
https://github.com/SudoIndividual/CVE-2023-34152
关联漏洞
标题: ImageMagick 操作系统命令注入漏洞 (CVE-2023-34152)
描述:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick存在安全漏洞,该漏洞源于配置 ImageMagick./configure --enable-pipe会导致远程代码执行。
描述
POC for ImageMagick 6.9.6-4. This is a POC which was inspired by fullwaywang discovery of CVE-2023-34152.
介绍
# CVE-2023-34152
RCE vulnerability affecting ImageMagick 6.9.6-4. This vulnerability allows the attacker to execute commands on the victim system. Thus, allowing for Remote Command Execution.

This is a POC which was inspired by fullwaywang discovery of CVE-2023-34152.

[Vulnerability Disclosure](https://github.com/ImageMagick/ImageMagick/issues/6339)

```
Usage: python3 CVE-2023-34152.py Attacker_IP Attacker_Port
```
## Description
an aribitary code execution vulnerability (shell command injection) in OpenBlob, which is actually an incomplete fix to CVE-2016-5118.

CVE-2016-5118 showed that opening any image file whose name starts with a '|' character, ImageMagick will popen the remaining part of the file name. As a fix, it add a configure option --enable-pipes to specially turn on the support of pipes; and also, the invocation of SanitizeString is added before popen_utf8 the filename to suppress aribitary command execution.

However, SanitizeString only filters out characters like single quotes but not ` or ". This allows shell command injection through malformed file name.

Credits: [fullwaywang](https://github.com/fullwaywang)
## PATCH

Upgrade to version 7.1.1.10 

---
文件快照

 [4.0K]  /data/pocs/83feff0855629817d4b947fd0f8221443358538f
├── [1.3K]  CVE-2023-34152.py
└── [1.2K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。