CVE-2021-22204 PoC — exiftool 代码注入漏洞

Source

https://github.com/ph-arm/CVE-2021-22204-Gitlab

Associated Vulnerability

Title:exiftool 代码注入漏洞 (CVE-2021-22204)
Description:exiftool是一个应用软件。使元数据更易于访问。 ExifTool 7.44版本及之前版本存在代码注入漏洞，该漏洞允许在解析恶意图像时任意执行代码。

Description

Modification of gitlab exploit anything under 13.10

Readme

# Gitlab-Exiftool-RCE
Original repos : https://github.com/CsEnox/Gitlab-Exiftool-RCE
Creds to CsEnox.
RCE Exploit for Gitlab &lt; 13.10.3
- GitLab Workhorse will pass any file to ExifTool. The current bug is in the DjVu module of ExifTool.
- Anyone with the ability to upload an image that goes through the GitLab Workhorse could achieve RCE via a specially crafted file

## Usage
```
python3 exploit.py -c "command here" -t http://gitlab.example.com
```

## Environment
- Tested on Gitlab 13.10.2 Community Edition
- Building your own test environment :
```
export GITLAB_HOME=/srv/gitlab

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ce:13.10.2-ce.0
 ```

## Credits
- https://hackerone.com/reports/1154542 : vakzz
- https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html

## Exploit-DB
- https://www.exploit-db.com/exploits/49951

File Snapshot


 [4.0K]  /data/pocs/9b683e54baef768c989c89dc5dba9a10f79d1e11
├── [2.6K]  exploit.py
└── [1.1K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!