Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2022-44268 PoC — ImageMagick 安全漏洞

Source
https://github.com/bhavikmalhotra/CVE-2022-44268-Exploit
Associated Vulnerability
Title:ImageMagick 安全漏洞 (CVE-2022-44268)
Description:ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
Description
Expoit for CVE-2022-44268
Readme
# CVE-2022-44268-Exploit
Expoit for CVE-2022-44268

Arbitrary File Read PoC - PNG generator

This is a proof of concept of the ImageMagick bug discovered by https://www.metabaseq.com/imagemagick-zero-days/

Edit mal_file variable to `pwd`/pngout.png

Edit cmd to vulnerable `magick` installation path

References: https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
File Snapshot

 [4.0K]  /data/pocs/93f915c091d388d8e270d6e294e0edb726da9d4b
├── [2.4K]  lfi.py
└── [ 391]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →