CVE-2022-44268 ImageMagick LFI

ImageMagick 

ImageMagick is a tool for modifying images.

ImageMagick's functionality is provided by an ELF binary named magick.

The vulnerable version of ImageMagick is 7.1.0-49.

Exploit

The target uses ImageMagick to resize images, so we need to create a malicious image and upload it to the target. After the ImageMagick component resizes the image, we can extract information from the resized image.

https://github.com/voidz0r/CVE-2022-44268

This is the exploit tool.

Use cargo to create a PNG file containing the sensitive path that you want to grab.

cargo run "/etc/passwd"

This produces the image.png file.

Upload the PNG file and wait for the message "upload successfully".

Download the resized PNG and extract its metadata.

identify -verbose xxx.png

Finally, we can see a large amount of hex.

Use a Python script or an online web tool to convert the hex into strings.
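The crafted PNG in the steps above carries the requested path in a PNG text chunk whose keyword is "profile", so an upload handler can reject such files before they reach ImageMagick. The following is an added example, not code from the original post or from the linked tool; the function names are hypothetical, the samples are constructed, and flagging zTXt/iTXt as well as tEXt is a conservative assumption.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_TYPES = (b"tEXt", b"zTXt", b"iTXt")  # all start with keyword + NUL

def iter_chunks(data):
    """Yield (type, body) for every chunk in a PNG byte string."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length:
            raise ValueError("truncated chunk")
        yield ctype, body
        pos += 12 + length  # 4 length + 4 type + body + 4 CRC

def profile_chunks(data):
    """Return (chunk type, value) for text chunks keyed 'profile'.

    The value is the file path for tEXt; None for zTXt/iTXt (not decoded here).
    """
    hits = []
    for ctype, body in iter_chunks(data):
        keyword, _, rest = body.partition(b"\x00")
        if ctype in TEXT_TYPES and keyword.lower() == b"profile":
            value = rest.decode("latin-1") if ctype == b"tEXt" else None
            hits.append((ctype.decode("ascii"), value))
    return hits

def _chunk(ctype, body):
    """Serialize one chunk with a valid CRC (used only for the samples)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: header and text chunk only, no IDAT, so not renderable.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
_IEND = _chunk(b"IEND", b"")
CLEAN = PNG_SIG + _IHDR + _chunk(b"tEXt", b"Comment\x00holiday photo") + _IEND
FLAGGED = PNG_SIG + _IHDR + _chunk(b"tEXt", b"profile\x00/etc/passwd") + _IEND

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(name, profile_chunks(sample))
```

A non-empty result means the upload should be rejected or stripped of text chunks before resizing; upgrading ImageMagick past the vulnerable version remains the actual fix.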
