来源

关联漏洞

描述

Challenge based on CVE-2021-22204 where users send a malicious file to a web application to gain RCE

介绍

# DejaVu

This container runs a web application that analyzes images and returns their metadata using exiftool. Users send the application a URL to an image and the app will retrieve it, analyze it, and return the results. The version of exiftool used by the application is vulnerable to CVE-2021-22204 as the DjVu file module has an unsafe eval which can be triggered with a specially crafted file to execute arbitrary commands. Competitors must use their bot to host a malicious "image" (as a png/jpeg/tiff), then tell the app to request their malicious image and evaluate it resulting in their payload executing.

## Building
```sh
docker build . -t dejavu
```

## Running
```sh
docker run --cpus=1 -p 8000:80 dejavu
```

## Exploiting
```sh
python3 dejavu.py <container addr> <lhost address> --lhost <lhost address>
```
> **NOTE**
> It is very unstable

> **NOTE**
> The `requirements.txt` is only for the same python running on the base image. If on a different system or python version, just manually install the python packages.

## References 
* [a-case-study-on-cve-2021-22204-exiftool-rce](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)

文件快照

 [4.0K]  /data/pocs/d482c25f8dd57c256bbeb06ced38d03d6ee2ff24
├── [5.5K]  app.py
├── [3.7K]  dejavu.py
├── [ 12K]  DjVu.pm
├── [ 426]  Dockerfile
├── [1.2K]  README.md
└── [  75]  requirements.txt

0 directories, 6 files

备注