![]() it uses exiftool to read the file and store the EXIF data of each file in /opt/metadataħ.inspect jpg files located in /var/www/html/subrion/uploads.Taking a look at the script, it does the following I tried to read the file, and I had permissionsĦ. Reading the contents of /etc/crontab I confirm this is a scheduled taskĥ. Using PSPY script, I noticed a script running quite often /opt/image-exif.sh, before that script I see cron being executed, so, I assume this is a scheduled taskĤ. To trigger the vulnerable function, we need to create a valid DjVu file that contains an annotation chunk with the payload that will be executed by the eval function as Perl code.ģ. ![]() The vulnerability happens when Exiftool tries to parse the DjVu filetype, more specifically the annotations field in the file structure. ![]() By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.Įxiftool is a tool and library made in Perl that extracts metadata from almost any type of file. ExifTool 12.23 – Arbitrary Code Execution – (Privilege escalation) – CVE-2021-22204ĮxifTool could allow a local attacker to execute arbitrary code on the system, caused by improper neutralization of user data in the DjVu file format. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |