Lucene search
MikkocarreonH1:1858574HistoryFeb 02, 2023 - 6:00 a.m.
HackerOne: [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick
2023-02-0206:00:01
mikkocarreon
hackerone.com
51
arbitrary remote leak
imagemagick
profile data disclosure
hackerone
cve-2022-44268
bug bounty
security vulnerability
0.014 Low
EPSS
Percentile
86.6%
Summary:
HackerOne’s image upload is using ImageMagick to convert/resize images and is likely updated. Thus, it’s vulnerable to CVE-2022-44268.
Description:
Steps To Reproduce
- Navigate to your profile
- Edit and upload the attached image (
im-lfi.png) as your profile picture - Save changes and download the resized picture
- Issue the following command to view the downloaded image’s profile data;
identify -verbose image.png
Then, copy the Raw profile type: and decode it using any tool or using Python like;
python -c "print(bytes.fromhex('2c2c2c3a2f72756e2f73797374656d643a2f7573722f7362696e2f6e6f6c6f67696e0a').decode())"
I’ve attached the resized image too which contains the content of /etc/passwd i.e. 86bca9490b71a481329efc85de3a82a98f6c29475f4926fd2b5fc844b96899c0.png
Impact
Arbitrary Remote Leak
Related
alpinelinux
alpinelinux
CVE-2022-44268
2023-02-06 21:15:09
debiancve
debiancve
CVE-2022-44268
2023-02-06 21:15:09
githubexploit
githubexploit
Exploit for CVE-2022-44268
2023-07-14 17:46:15
Exploit for CVE-2022-44268
2023-02-05 18:42:27
Exploit for CVE-2022-44268
2023-11-14 21:54:17
redhatcve
redhatcve
CVE-2022-44268
2023-02-07 05:26:28
veracode
veracode
Information Disclosure
2023-02-10 17:50:09
attackerkb
attackerkb
CVE-2022-44268
2023-02-06 00:00:00
f5
f5
K000132457 : ImageMagick vulnerability CVE-2022-44268
2023-02-08 00:00:00
osv
osv
CVE-2022-44268
2023-02-06 21:15:09
imagemagick vulnerabilities
2023-03-15 21:16:46
imagemagick vulnerabilities
2023-02-09 20:50:55
cve
cve
CVE-2022-44268
2023-02-06 21:15:09
ubuntucve
ubuntucve
CVE-2022-44268
2023-02-06 00:00:00
cvelist
cvelist
CVE-2022-44268
2023-02-06 00:00:00
nvd
nvd
CVE-2022-44268
2023-02-06 21:15:09
prion
prion
Information disclosure
2023-02-06 21:15:00
fedora
fedora
[SECURITY] Fedora 36 Update: ImageMagick-6.9.12.77-1.fc36
2023-02-22 11:10:31
[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.77-1.fc37
2023-02-17 18:22:02
openvas
openvas
openSUSE: Security Advisory for ImageMagick (SUSE-SU-2023:0428-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0428-1)
2023-02-16 00:00:00
Fedora: Security Advisory for ImageMagick (FEDORA-2023-93389b8a9e)
2023-02-23 00:00:00
exploitdb
exploitdb
ImageMagick 7.1.0-49 - Arbitrary File Read
2023-04-05 00:00:00
thn
thn
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
2023-02-01 19:59:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2023-02-09 00:00:00
ImageMagick vulnerabilities
2023-04-17 00:00:00
ImageMagick vulnerabilities
2023-03-15 00:00:00
nessus
nessus
Debian DSA-5347-1 : imagemagick - security update
2023-02-15 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:0428-1)
2023-02-16 00:00:00
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2023:0421-1)
2023-02-16 00:00:00
debian
debian
[SECURITY] [DSA 5347-1] imagemagick security update
2023-02-13 18:58:10
[SECURITY] [DLA 3357-1] imagemagick security update
2023-03-11 19:39:30
wallarmlab
wallarmlab
Yet More ImageMagick Vulnerabilities
2023-02-06 09:49:07
amazon
amazon
Medium: ImageMagick
2023-02-17 00:12:00
Medium: ImageMagick
2023-03-02 20:22:00
redos
redos
ROS-20230213-01
2023-02-13 00:00:00
cloudfoundry
cloudfoundry
USN-5855-2: ImageMagick vulnerabilities | Cloud Foundry
2023-03-23 00:00:00
USN-5855-1: ImageMagick vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-4.0-0345
2023-03-03 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0541
2023-03-03 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0021
2023-06-07 00:00:00
gentoo
gentoo
ImageMagick: Multiple Vulnerabilities
2024-05-04 00:00:00