This repository includes a test file for CVE-2022-44268 ImageMagick Arbitrary File Read.
- Upload the
pngout.png
into a Webapplication - Check if the image can be cropped, cut or edited in any way
- Download the edited image
- Use
identify -verbose edit_image.png
to see ifRaw profile type:
has some value - If the applciation is vulnerable you will see some bytes which contain the
/etc/passwd
for the application host
Only use this for testing and legal purpose