Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-44268 PoC — ImageMagick 安全漏洞

Source
https://github.com/PanAdamski/CVE-2022-44268-automated
Associated Vulnerability
Title:ImageMagick 安全漏洞 (CVE-2022-44268)
Description:ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
Readme
# CVE-2022-44268-automated
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Clone
```
git clone https://github.com/PanAdamski/CVE-2022-44268-automated.git
```
run
```
python3 automated.py /etc/passwd
```



The script was written to automatically process images on the DockMagic machine from the TryHackme platform, but if someone needs to use it for HackThebox Pilgrimage/Meta or for a real pentest scenario then the code is really easy to rewrite
File Snapshot

 [4.0K]  /data/pocs/e9acc6c88f064677e03933defb29fbf20e79f5c3
├── [2.6K]  automated.py
├── [1.6K]  image.png
└── [ 709]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →