## https://sploitus.com/exploit?id=D49E79BA-0205-5C80-92EA-60F47A46579D
# CVE-2022-44268 Automation Script - Quick Guide
## Credits
- Original Exploit: VoidZone Security (https://git.rotfl.io/v/CVE-2022-44268.git)
- This Python script automates their PoC for file exfiltration.
## Description
This script automates the exploitation of CVE-2022-44268 (ImageMagick file disclosure).
1. Takes a target file path (e.g., /etc/passwd) as a command-line argument.
2. Calls the VoidZone Security Rust PoC to generate a malicious PNG (`image.png`).
3. Uploads this PNG to the target web application.
4. Retrieves the processed image from the application.
5. Uses `exiftool` to extract and print the exfiltrated file content.
## Prerequisites
- Python 3.x
- Python `requests` library: `pip install requests`
- VoidZone's CVE-2022-44268 PoC:
  - Cloned from `https://git.rotfl.io/v/CVE-2022-44268.git`
  - Built with `cargo build` in its directory.
- `exiftool` command-line tool.
- `wget` command-line tool.
## Setup
1. Clone VoidZone's exploit: `git clone https://git.rotfl.io/v/CVE-2022-44268.git`
2. Navigate into the directory: `cd CVE-2022-44268`
3. Build the Rust PoC: `cargo build`
4. Place this Python script (e.g., `automate_exploit.py`) INSIDE the `CVE-2022-44268` directory.
## Script Configuration (IMPORTANT!)
You MUST edit the Python script (`automate_exploit.py`) for your target. Key variables to change:
1. `payload`: Path to the malicious `image.png` generated by the Rust PoC.
   * Default in script: `"/home/kali/usr/htb/pilgrimage/CVE-2022-44268/image.png"`
   * **RECOMMENDED CHANGE**: `"image.png"` (since the script runs in the directory where `image.png` is created).
2. `url`: The target URL for image upload.
   * Default: `"http://pilgrimage.htb"`
   * **CHANGE THIS** to your target's URL (e.g., `"http://vulnerable-site.com/upload"`).
3. `proxies` (optional): For routing traffic (e.g., through Burp Suite).
   * Default: `{'http': 'http://127.0.0.1:8080'}`
   * **MODIFY, REMOVE, OR SET TO `None`** if not needed.
4. `Host` header (inside the `headers` dictionary): Should match the hostname in your `url`.
   * Default: `'Host': 'pilgrimage.htb'`
   * **CHANGE THIS** to your target's hostname.
## Usage
Ensure you are in the `CVE-2022-44268` directory (where `automate_exploit.py` and the Rust PoC are).
Run the script, providing the target file path to exfiltrate as an argument:
```bash
python3 automate_exploit.py "/etc/passwd"
```