
CVE-2022-44268 PoC — ImageMagick Security Vulnerability

Associated Vulnerability
Title: ImageMagick Security Vulnerability (CVE-2022-44268)
Description: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
Description
An exploit automation script that builds upon the work of VoidZone Security.
Readme
# CVE-2022-44268 Automation Script - Quick Guide

## Credits
- Original Exploit: VoidZone Security (https://git.rotfl.io/v/CVE-2022-44268.git)
- This Python script automates their PoC for file exfiltration.

## Description
This script automates the exploitation of CVE-2022-44268 (ImageMagick file disclosure).
1. Takes a target file path (e.g., /etc/passwd) as a command-line argument.
2. Calls the VoidZone Security Rust PoC to generate a malicious PNG (`image.png`).
3. Uploads this PNG to the target web application.
4. Retrieves the processed image from the application.
5. Uses `exiftool` to extract and print the exfiltrated file content.
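The disclosure is triggered through metadata chunks in the uploaded PNG, so an upload handler that rebuilds the file from an allowlist of chunk types before ImageMagick ever sees it removes that attack surface (upgrading ImageMagick remains the actual fix). The following Python sanitizer is an added defensive example, not part of the VoidZone PoC or of this automation script; the chunk allowlist, the function names and the embedded sample PNG are my own constructions.

```python
import struct
import zlib

# Chunk types an upload handler lets through to ImageMagick (allowlist is an
# assumption). tEXt/zTXt/iTXt, eXIf, iCCP and other metadata are dropped.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}


def iter_chunks(data: bytes):
    """Yield (type, payload) per chunk, checking framing and CRC as we go."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):  # 12 = smallest possible chunk
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        payload = data[pos + 8:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + payload) != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        yield ctype, payload
        if ctype == b"IEND":
            return
        pos = body_end + 4
    raise ValueError("missing IEND chunk")


def build_chunk(ctype: bytes, payload: bytes) -> bytes:
    # Frame a chunk: length, type, payload, CRC-32 over type + payload.
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload)))


def sanitize_png(data: bytes) -> tuple[bytes, list[bytes]]:
    """Rebuild the PNG from allowed chunks only; also report what was dropped."""
    kept, dropped = [PNG_SIGNATURE], []
    for ctype, payload in iter_chunks(data):
        if ctype in ALLOWED_CHUNKS:
            kept.append(build_chunk(ctype, payload))
        else:
            dropped.append(ctype)
    return b"".join(kept), dropped


# Constructed sample: a 1x1 8-bit greyscale PNG carrying a harmless tEXt chunk.
SAMPLE_PNG = PNG_SIGNATURE + b"".join(build_chunk(t, p) for t, p in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"tEXt", b"Comment\x00constructed sample"),  # metadata: gets dropped
    (b"IDAT", zlib.compress(b"\x00\x80")),  # filter byte + one grey pixel
    (b"IEND", b""),
])
```

Run `sanitize_png` on each upload and feed only the returned bytes to ImageMagick; the dropped list is worth logging, since a user-supplied image that carries text chunks is a useful detection signal for this CVE.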

## Prerequisites
- Python 3.x
- Python `requests` library: `pip install requests`
- VoidZone's CVE-2022-44268 PoC:
    - Cloned from `https://git.rotfl.io/v/CVE-2022-44268.git`
    - Built with `cargo build` in its directory.
- `exiftool` command-line tool.
- `wget` command-line tool.

## Setup
1. Clone VoidZone's exploit: `git clone https://git.rotfl.io/v/CVE-2022-44268.git`
2. Navigate into the directory: `cd CVE-2022-44268`
3. Build the Rust PoC: `cargo build`
4. Place this Python script (e.g., `automate_exploit.py`) INSIDE the `CVE-2022-44268` directory.

## Script Configuration (IMPORTANT!)
You MUST edit the Python script (`automate_exploit.py`) for your target. Key variables to change:

1.  `payload`: Path to the malicious `image.png` generated by the Rust PoC.
    * Default in script: `"/home/kali/usr/htb/pilgrimage/CVE-2022-44268/image.png"`
    * **RECOMMENDED CHANGE**: `"image.png"` (since the script runs where `image.png` is created).

2.  `url`: The target URL for image upload.
    * Default: `"http://pilgrimage.htb"`
    * **CHANGE THIS** to your target's URL (e.g., `"http://vulnerable-site.com/upload"`).

3.  `proxies` (optional): For routing traffic (e.g., through Burp Suite).
    * Default: `{'http': 'http://127.0.0.1:8080'}`
    * **MODIFY OR REMOVE/SET TO `None`** if not needed.

4.  `Host` header (inside the `headers` dictionary): Should match the hostname in your `url`.
    * Default: `'Host': 'pilgrimage.htb'`
    * **CHANGE THIS** to your target's hostname.

## Usage
Ensure you are in the `CVE-2022-44268` directory (where `automate_exploit.py` and the Rust PoC are).
Run the script, providing the target file path to exfiltrate as an argument:

```bash
python3 automate_exploit.py "/etc/passwd"
```