关联漏洞
标题:
ImageMagick 安全漏洞
(CVE-2022-44268)
描述:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 7.1.0-49版本存在安全漏洞,该漏洞源于存在信息泄露漏洞,当它在解析PNG图像时生成的图像可能会嵌入任意文件内容。
介绍
# CVE-2022-44268-automated
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
Clone
```
git clone https://github.com/PanAdamski/CVE-2022-44268-automated.git
```
run
```
python3 automated.py /etc/passwd
```
The script was written to automatically process images on the DockMagic machine from the TryHackme platform, but if someone needs to use it for HackThebox Pilgrimage/Meta or for a real pentest scenario then the code is really easy to rewrite
文件快照
[4.0K] /data/pocs/e9acc6c88f064677e03933defb29fbf20e79f5c3
├── [2.6K] automated.py
├── [1.6K] image.png
└── [ 709] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。