ImageMagick
The ImageMagick is the tool modify the picture.
The function of ImageMagick is ELF file named magick.
The vulnerability version of ImageMagick is 7.1.0-49
Exploit
It will use ImageMagick to resize the image,we need to create a malicious image and upload it to the target.After the ImageMagick component resize the image,we can be able to extract information from the resized image.
https://github.com/voidz0r/CVE-2022-44268
Here is the exploit tool.
Using cargo to create a png file with sensitive path that you want to grab.
cargo run "/etc/passwd"
And we get the image.png file.
Upload the png flie and wait for the hint "upload successfully".
Download that png and extract it.
identify -verbose xxx.png
At last,we can see the large amount of hex.
Using python script or online web tool to change those hex into strings format.
