CVE-2021-22204: Exiftool RCE

Bookmarked!

This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files

PRO
Tier
Hard
1-2 Hrs.
158
Media Badge

In this challenge, you'll exploit a vulnerability in exiftool that affects its handling of the DjVu file format. exiftool is a Perl-based tool used to retrieve information from image files and supports a wide array of file formats. The vulnerability lies in the improper escaping of characters like $ and @ in the Perl eval(...) function, which allows for arbitrary code execution.

The practical exercise involves creating a malicious DjVu file that initially runs the cowsay command and then adapting it to execute the score command (/usr/local/bin/score [UUID]). This requires understanding the file format and modifying the payload to adjust the string size correctly, ensuring the command executes as intended. The lab provides a hands-on experience in manipulating file headers and exploiting software vulnerabilities.

Want to learn more? Get started with PentesterLab Pro! GOPRO