{"id":28242921,"url":"https://github.com/unicordev/exploit-cve-2021-22204","last_synced_at":"2026-03-02T05:31:21.288Z","repository":{"id":45011611,"uuid":"482377691","full_name":"UNICORDev/exploit-CVE-2021-22204","owner":"UNICORDev","description":"Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution","archived":false,"fork":false,"pushed_at":"2025-01-14T18:36:34.000Z","size":105,"stargazers_count":43,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-10T12:44:13.472Z","etag":null,"topics":["cve","cve-2021-22204","djvu","exiftool","exploit","hackthebox","linux","penetration-testing","proof-of-concept","python","unicord","vulnerability"],"latest_commit_sha":null,"homepage":"https://unicord.dev/exploit-CVE-2021-22204","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/UNICORDev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["NicPWNs"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2022-04-16T22:49:47.000Z","updated_at":"2025-05-21T06:32:16.000Z","dependencies_parsed_at":"2025-06-10T12:34:52.799Z","dependency_job_id":"55933500-52e4-42ca-93bc-d6a2af87f327","html_url":"https://github.com/UNICORDev/exploit-CVE-2021-22204","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/UNICORDev/exploit-CVE-2021-22204","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2021-22204","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2021-22204/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2021-22204/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2021-22204/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/UNICORDev","download_url":"https://codeload.github.com/UNICORDev/exploit-CVE-2021-22204/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UNICORDev%2Fexploit-CVE-2021-22204/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29993376,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T01:47:34.672Z","status":"online","status_checked_at":"2026-03-02T02:00:07.342Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","cve-2021-22204","djvu","exiftool","exploit","hackthebox","linux","penetration-testing","proof-of-concept","python","unicord","vulnerability"],"created_at":"2025-05-19T06:09:58.301Z","updated_at":"2026-03-02T05:31:21.266Z","avatar_url":"https://github.com/UNICORDev.png","language":"Python","funding_links":["https://github.com/sponsors/NicPWNs"],"categories":[],"sub_categories":[],"readme":"# Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution\r\n\r\n![GitHub CVE Cover](https://user-images.githubusercontent.com/23003787/172497711-958a0fb3-3937-41f7-be11-3c9fd767203d.png)\r\n\r\n**Like this repo? Give us a ⭐!**\r\n\r\n*For educational and authorized security research purposes only.*\r\n\r\n## Exploit Author\r\n[@UNICORDev](https://unicord.dev) by ([@NicPWNs](https://github.com/NicPWNs) and [@Dev-Yeoj](https://github.com/Dev-Yeoj))\r\n\r\n## Vulnerability Description\r\nImproper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.\r\n\r\n## Exploit Description\r\nUse this exploit to generate a JPEG image payload that can be used with a vulnerable ExifTool version for code execution. A custom command can be provided or a reverse shell can be generated. A JPEG image is automatically generated, and optionally, a custom JPEG image can be supplied to have the payload inserted.\r\n\r\n## Usage\r\n```bash\r\n  python3 exploit-CVE-2021-22204.py -c \u003ccommand\u003e\r\n  python3 exploit-CVE-2021-22204.py -s \u003clocal-IP\u003e \u003clocal-port\u003e\r\n  python3 exploit-CVE-2021-22204.py -c \u003ccommand\u003e [-i \u003cimage.jpg\u003e]\r\n  python3 exploit-CVE-2021-22204.py -s \u003clocal-IP\u003e \u003clocal-port\u003e [-i \u003cimage.jpg\u003e]\r\n  python3 exploit-CVE-2021-22204.py -h\r\n```\r\n\r\n## Options\r\n```bash\r\n  -c    Custom command mode. Provide command to execute.\r\n  -s    Reverse shell mode. Provide local IP and port.\r\n  -i    Path to custom JPEG image. (Optional)\r\n  -h    Show this help menu.\r\n```\r\n\r\n## Download\r\n[Download exploit-CVE-2021-22204.py from GitHub](https://raw.githubusercontent.com/UNICORDev/exploit-CVE-2021-22204/main/exploit-CVE-2021-22204.py)\r\n\r\n[Download exploit-CVE-2021-22204.py from ExploitDB](https://www.exploit-db.com/exploits/50911)\r\n\r\n### Searchsploit (ExploitDB)\r\n```bash\r\nsearchsploit -u\r\nsearchsploit -m 50911\r\n```\r\n\r\n## Exploit Requirements\r\n- python3\r\n- djvulibre-bin\r\n- exiftool\r\n\r\n## Demo\r\n![Demo Gif](https://user-images.githubusercontent.com/23003787/168875285-b939e4a6-ea10-4b0d-a11a-3a2c1adc0fd7.gif)\r\n\r\n## Tested On\r\nExiftool Version 12.23\r\n\r\n## Applies To\r\nExiftool Versions 7.44 - 12.23\r\n\r\n## Vulnerable Environment\r\n```bash\r\nwget https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip\r\nunzip exiftool-12.23.zip\r\ncd exiftool-12.23\r\nperl Makefile.PL\r\nmake test\r\nsudo make install\r\nexiftool -ver\r\n```\r\n\r\n## Test Generated Payload\r\n```bash\r\nexiftool image.jpg\r\n```\r\n\r\n## Credits\r\n- https://hackerone.com/reports/1154542\r\n- https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/\r\n- https://nvd.nist.gov/vuln/detail/CVE-2021-22204\r\n- https://app.hackthebox.com/machines/Overflow\r\n- https://www.exploit-db.com/exploits/50911\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funicordev%2Fexploit-cve-2021-22204","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funicordev%2Fexploit-cve-2021-22204","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funicordev%2Fexploit-cve-2021-22204/lists"}