CVE-2022-44268 PoC — ImageMagick 安全漏洞

Source

https://github.com/Baikuya/CVE-2022-44268-PoC

Associated Vulnerability

Title:ImageMagick 安全漏洞 (CVE-2022-44268)
Description:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 7.1.0-49版本存在安全漏洞，该漏洞源于存在信息泄露漏洞，当它在解析PNG图像时生成的图像可能会嵌入任意文件内容。

Description

CVE-2022-44268 PoC

Readme

# CVE-2022-44268-PoC

This repository includes a test file for CVE-2022-44268 ImageMagick Arbitrary File Read.


## Testing

1. Upload the `pngout.png` into a Webapplication
2. Check if the image can be cropped, cut or edited in any way
3. Download the edited image
4. Use `identify -verbose edit_image.png` to see if `Raw profile type:` has some value
5. If the applciation is vulnerable you will see some bytes which contain the `/etc/passwd` for the application host

## Legal notice

Only use this for testing and legal purpose

File Snapshot


 [4.0K]  /data/pocs/e87833e6141ac5eba6be256447fb1bca4a73c4bf
├── [2.4K]  pngout.png
└── [ 533]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!