CVE-2021-22204: Exiftool RCE II

This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files

PRO
Tier
Medium
< 1 Hr.
52
Media Badge

Course


In this challenge, you will exploit a vulnerability in `exiftool`, a utility used to retrieve information from images, specifically in its handling of the DjVu file format. Discovered by William Bowling, this vulnerability arises from the use of the Perl `eval(...)` function, which fails to adequately escape certain characters, allowing for code injection. You will upload a JPEG file containing a malicious DjVu payload to exploit this issue.

The goal is to manipulate the `HasselbladExif` tag, which is not writable by default. To do this, you will create a custom configuration file that makes this tag writable, and then use `exiftool` to embed the DjVu file into the JPEG image. The final step is to submit the modified JPEG file to achieve command execution. Detailed instructions and the necessary configuration code are provided to guide you through this process.

Want to learn more? Get started with PentesterLab Pro! GO PRO