Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-44268 PoC — ImageMagick 安全漏洞

Source
https://github.com/bhavikmalhotra/CVE-2022-44268-Exploit
Associated Vulnerability
Title:ImageMagick 安全漏洞 (CVE-2022-44268)
Description:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 7.1.0-49版本存在安全漏洞,该漏洞源于存在信息泄露漏洞,当它在解析PNG图像时生成的图像可能会嵌入任意文件内容。
Description
Expoit for CVE-2022-44268
Readme
# CVE-2022-44268-Exploit
Expoit for CVE-2022-44268

Arbitrary File Read PoC - PNG generator

This is a proof of concept of the ImageMagick bug discovered by https://www.metabaseq.com/imagemagick-zero-days/

Edit mal_file variable to `pwd`/pngout.png

Edit cmd to vulnerable `magick` installation path

References: https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
File Snapshot

 [4.0K]  /data/pocs/93f915c091d388d8e270d6e294e0edb726da9d4b
├── [2.4K]  lfi.py
└── [ 391]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.