CVE-2021-22204 PoC — exiftool 代码注入漏洞

Source

https://github.com/cc3305/CVE-2021-22204

Associated Vulnerability

Title:exiftool 代码注入漏洞 (CVE-2021-22204)
Description:exiftool是一个应用软件。使元数据更易于访问。 ExifTool 7.44版本及之前版本存在代码注入漏洞，该漏洞允许在解析恶意图像时任意执行代码。

Description

CVE-2021-22204 exploit script

Readme

# CVE-2021-22204

## Summary of the CVE

Improper sanitization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.

## Affected Versions

- Version 7.44 - 12.23

## Anomalies

- Dependencies: djvulibre-bin exiftool
- Calls these three commands: [bzz, dvjumake, exiftool]

## References

- [Github POC - Gustavo Dutra, May 11 2021](https://github.com/convisolabs/CVE-2021-22204-exiftool)
- [A case study on: CVE-2021-22204 Exiftool RCE - Gustavo Dutra, May 19 2021](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)
- [CVE-details - CVSS Score 6.8](https://www.cvedetails.com/cve/CVE-2021-22204/)

File Snapshot


 [4.0K]  /data/pocs/20d86e91dc1dd4e2ecea618a692de0f04599d0fe
├── [ 468]  configfile
├── [2.4K]  CVE-2021-22204.py
├── [3.6K]  malicious_image.jpg
└── [ 710]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!