[CVE-2022-44268] Arbitrary Remote Leak via ImageMagick
Critical
Vulnerability Details
**Summary:**
HackerOne's image upload is using ImageMagick to convert/resize images and is likely updated. Thus, it's vulnerable to CVE-2022-44268.
**Description:**
### Steps To Reproduce
1. Navigate to your profile
2. Edit and upload the attached image (`im-lfi.png`) as your profile picture
3. Save changes and download the resized picture
4. Issue the following command to view the downloaded image's profile data:
```bash
identify -verbose image.png
```
Then, copy the `Raw profile type:` and decode it using any tool or using Python like:
```bash
python -c "print(bytes.fromhex('2c2c2c3a2f72756e2f73797374656d643a2f7573722f7362696e2f6e6f6c6f67696e0a').decode())"
```
I've attached the resized image too, which contains the content of /etc/passwd, i.e. 86bca9490b71a481329efc85de3a82a98f6c29475f4926fd2b5fc844b96899c0.png
## Impact
Arbitrary Remote Leak
Report Stats
- Report ID: 1858574
- State: Closed
- Substate: resolved
- Upvotes: 367
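
Added example, not part of the original report and not HackerOne's or ImageMagick's code: a Python audit helper that automates steps 4 and 5 for defenders, scanning an already-processed PNG for `Raw profile type` text chunks and decoding their hex payload so stored thumbnails can be checked for leaked file contents. The chunk keyword prefix and the "optional type name, byte count, hex digits" layout are assumptions based on the `identify -verbose` output the report describes; `png_chunk` and `constructed_sample` are hypothetical helpers that build a constructed test input from the hex string quoted in the report.

```python
import struct
import zlib
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def png_text_chunks(data):
    """Yield (keyword, text_bytes) for every tEXt and zTXt chunk in a PNG."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG file")
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        pos += 12 + length  # length field + type + body + CRC
        if ctype not in (b"tEXt", b"zTXt") or b"\x00" not in body:
            continue
        keyword, _, rest = body.partition(b"\x00")
        if ctype == b"zTXt":
            try:
                rest = zlib.decompress(rest[1:])  # skip compression-method byte
            except zlib.error:
                continue  # malformed chunk: ignore rather than abort the scan
        yield keyword.decode("latin-1"), rest

def decode_raw_profile(text):
    """Return the embedded bytes, or None if the assumed layout does not match."""
    tokens = text.split()
    for i, tok in enumerate(tokens):
        hexpart = b"".join(tokens[i + 1:])
        if tok.isdigit() and len(hexpart) == 2 * int(tok):
            try:
                return bytes.fromhex(hexpart.decode("ascii"))
            except ValueError:
                return None
    return None

def find_raw_profiles(data):
    """Return [(keyword, payload)] for each decodable 'Raw profile type' chunk."""
    decoded = ((k, decode_raw_profile(t)) for k, t in png_text_chunks(data)
               if k.startswith("Raw profile type"))
    return [(k, p) for k, p in decoded if p is not None]

def png_chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def constructed_sample():
    """Constructed input: PNG chunk framing only, not a renderable image."""
    hexdata = b"2c2c2c3a2f72756e2f73797374656d643a2f7573722f7362696e2f6e6f6c6f67696e0a"
    text = b"\n\n%8d\n%s\n" % (len(hexdata) // 2, hexdata)
    ztxt = b"Raw profile type \x00\x00" + zlib.compress(text)
    return PNG_MAGIC + png_chunk(b"zTXt", ztxt) + png_chunk(b"IEND", b"")
```

Any hit on an image produced by a conversion pipeline is worth triage, since legitimate raw profiles normally carry metadata such as EXIF or ICC data rather than text from the server's filesystem.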