CVE-2021-22204: Exiftool RCE

This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files

PRO
Tier
Hard
1-2 Hrs.
146
Media Badge

Course


In this challenge, you'll exploit a vulnerability in `exiftool` that affects its handling of the DjVu file format. `exiftool` is a Perl-based tool used to retrieve information from image files and supports a wide array of file formats. The vulnerability lies in the improper escaping of characters like `$` and `@` in the Perl `eval(...)` function, which allows for arbitrary code execution.

The practical exercise involves creating a malicious DjVu file that initially runs the `cowsay` command and then adapting it to execute the `score` command (`/usr/local/bin/score [UUID]`). This requires understanding the file format and modifying the payload to adjust the string size correctly, ensuring the command executes as intended. The lab provides a hands-on experience in manipulating file headers and exploiting software vulnerabilities.

Want to learn more? Get started with PentesterLab Pro! GO PRO