CVE-2021-22204: Exiftool RCE


This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files.

PRO Hard 1-2 Hrs. 178 Media Badge
Course

In this exercise, you'll learn to exploit a vulnerability in <code>exiftool</code> discovered by William Bowling. The lab involves creating a malicious DjVu file to gain code execution by exploiting a flaw in the way <code>exiftool</code> uses the <code>eval(...)</code> function.

Skills covered
Injection, Operating System, Network
CWE-74