Skip to content

convisolabs/CVE-2021-22204-exiftool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

lab

lab

 
 

README.md

README.md

 
 

configfile

configfile

 
 

exploit.py

exploit.py

 
 

image.jpg

image.jpg

 
 

Repository files navigation

CVE-2021-22204-exiftool

Python exploit for the CVE-2021-22204 vulnerability in Exiftool.

About the vulnerability

The CVE-2021-22204 was discovered and reported by William Bowling. (@wcbowling)

This exploit was made by studying the exiftool patch after the CVE was already reported.

Pre-requisites

Installed exiftool and djvulibre tools. If you are on Debian or ubuntu you can install with:

sudo apt install djvulibre-bin exiftool

How to run:

Change the IP and Port in the exploit.py file. You can test the reverse shell with

nc -nvlp 9090  # or the port you specify in the exploit.py file

Then:

python3 exploit.py

And the image.jpg will trigger the vulnerability when opened with a vulnerable exiftool.

If you want to practice, there is a small lab here.

About

Python exploit for the CVE-2021-22204 vulnerability in Exiftool

blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/

Topics

cve exiftool

Resources

Readme
Activity
Custom properties

Stars

87 stars

Watchers

9 watching

Forks

29 forks
Report repository

Contributors 2

Languages