CVE-2021-22204: Exiftool RCE
Bookmarked!This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
In this challenge, you'll exploit a vulnerability in exiftool
that affects its handling of the DjVu file format. exiftool
is a Perl-based tool used to retrieve information from image files and supports a wide array of file formats. The vulnerability lies in the improper escaping of characters like $
and @
in the Perl eval(...)
function, which allows for arbitrary code execution.
The practical exercise involves creating a malicious DjVu file that initially runs the cowsay
command and then adapting it to execute the score
command (/usr/local/bin/score [UUID]
). This requires understanding the file format and modifying the payload to adjust the string size correctly, ensuring the command executes as intended. The lab provides a hands-on experience in manipulating file headers and exploiting software vulnerabilities.