CVE-2022-44268 PoC — ImageMagick 安全漏洞

Source

https://github.com/PanAdamski/CVE-2022-44268-automated

Associated Vulnerability

Title:ImageMagick 安全漏洞 (CVE-2022-44268)
Description:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 7.1.0-49版本存在安全漏洞，该漏洞源于存在信息泄露漏洞，当它在解析PNG图像时生成的图像可能会嵌入任意文件内容。

Readme

# CVE-2022-44268-automated
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Clone
```
git clone https://github.com/PanAdamski/CVE-2022-44268-automated.git
```
run
```
python3 automated.py /etc/passwd
```



The script was written to automatically process images on the DockMagic machine from the TryHackme platform, but if someone needs to use it for HackThebox Pilgrimage/Meta or for a real pentest scenario then the code is really easy to rewrite

File Snapshot


 [4.0K]  /data/pocs/e9acc6c88f064677e03933defb29fbf20e79f5c3
├── [2.6K]  automated.py
├── [1.6K]  image.png
└── [ 709]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!