关联漏洞
描述
Python exploit for the CVE-2021-22204 vulnerability in Exiftool
介绍
# CVE-2021-22204-exiftool
Python exploit for the CVE-2021-22204 vulnerability in Exiftool.
## About the vulnerability
The CVE-2021-22204 was discovered and reported by William Bowling. (@wcbowling)
This exploit was made by studying the exiftool patch after the CVE was already reported.
## Pre-requisites
Installed exiftool and djvulibre tools. If you are on Debian or ubuntu you can install with:
```
sudo apt install djvulibre-bin exiftool
```
## How to run:
Change the IP and Port in the exploit.py file. You can test the reverse shell with
```
nc -nvlp 9090 # or the port you specify in the exploit.py file
```
Then:
```
python3 exploit.py
```
And the image.jpg will trigger the vulnerability when opened with a vulnerable exiftool.
If you want to practice, there is a small [lab here.](https://github.com/convisoappsec/CVE-2021-22204-exiftool/tree/master/lab)
文件快照
[4.0K] /data/pocs/9157814f90b9c152899fbea2fcda1a5b48d1fbc0
├── [ 468] configfile
├── [ 786] exploit.py
├── [ 46K] image.jpg
├── [4.0K] lab
│ ├── [1.6K] application.pl
│ ├── [ 491] Dockerfile
│ └── [ 592] README.md
└── [ 875] README.md
1 directory, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。