CVE-2021-22204: Exiftool RCE II
Bookmarked!This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
In this challenge, you will exploit a vulnerability in exiftool
, a utility used to retrieve information from images, specifically in its handling of the DjVu file format. Discovered by William Bowling, this vulnerability arises from the use of the Perl eval(...)
function, which fails to adequately escape certain characters, allowing for code injection. You will upload a JPEG file containing a malicious DjVu payload to exploit this issue.
The goal is to manipulate the HasselbladExif
tag, which is not writable by default. To do this, you will create a custom configuration file that makes this tag writable, and then use exiftool
to embed the DjVu file into the JPEG image. The final step is to submit the modified JPEG file to achieve command execution. Detailed instructions and the necessary configuration code are provided to guide you through this process.