CVE-2021-22204: Exiftool RCE
This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
In this challenge, you'll exploit a vulnerability in exiftool that affects its handling of the DjVu file format. exiftool is a Perl-based tool used to retrieve information from image files and supports a wide array of file formats. The vulnerability lies in the improper escaping of characters like $ and @ in the Perl eval(...) function, which allows for arbitrary code execution.
The practical exercise involves creating a malicious DjVu file that initially runs the cowsay command and then adapting it to execute the score command (/usr/local/bin/score [UUID]). This requires understanding the file format and modifying the payload to adjust the string size correctly, ensuring the command executes as intended. The lab provides a hands-on experience in manipulating file headers and exploiting software vulnerabilities.
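From the defender's side, the same file-format knowledge lets an upload pipeline spot DjVu annotation chunks before a file reaches exiftool. The following is an added example, not part of the original exercise: the function names, the depth cap and the sample bytes are assumptions made for illustration, and the check for $ and @ is a heuristic based only on the characters named above.

```python
import struct

SUSPECT = (b"$", b"@")  # the characters the write-up names as improperly escaped

def walk_chunks(buf, start, end, depth=0):
    """Yield (chunk_id, data) for IFF chunks in buf[start:end], descending into FORMs."""
    pos = start
    while pos + 8 <= end and depth < 8:      # depth cap: hostile nesting must not exhaust the stack
        cid = buf[pos:pos + 4]
        (size,) = struct.unpack(">I", buf[pos + 4:pos + 8])
        body = pos + 8
        body_end = min(body + size, end)     # clamp a length field that overruns the file
        if cid == b"FORM":
            # The first 4 bytes of a FORM body are its type (DJVU, DJVM, ...), then sub-chunks.
            yield from walk_chunks(buf, body + 4, body_end, depth + 1)
        else:
            yield cid, buf[body:body_end]
        pos = body_end + (size & 1)          # chunks are padded to an even length

def triage(buf):
    """Return [(chunk_id, length, suspect_chars_or_None)] for DjVu annotation chunks."""
    if not buf.startswith(b"AT&TFORM"):      # decide by content: uploads can carry any extension
        return []
    findings = []
    for cid, data in walk_chunks(buf, 4, len(buf)):
        if cid == b"ANTa":                   # plain-text annotation
            hits = [c.decode() for c in SUSPECT if c in data]
            findings.append(("ANTa", len(data), hits))
        elif cid == b"ANTz":                 # BZZ-compressed annotation: not inspected here
            findings.append(("ANTz", len(data), None))
    return findings

# Constructed sample: a DjVu skeleton whose annotation holds only a benign e-mail address.
ANNO = b'(metadata (author "a@example.org"))'
BODY = (b"DJVU" + b"INFO" + struct.pack(">I", 10) + bytes(10)
        + b"ANTa" + struct.pack(">I", len(ANNO)) + ANNO + b"\x00")
SAMPLE = b"AT&T" + b"FORM" + struct.pack(">I", len(BODY)) + BODY

if __name__ == "__main__":
    print(triage(SAMPLE))                    # the benign address still trips the "@" heuristic
```

The benign sample shows how noisy the character heuristic is, so any annotation finding is better treated as a reason to quarantine the file or process it only in a sandbox. The filter is triage, not a fix: CVE-2021-22204 is fixed in ExifTool 12.24.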