https://github.com/unicordev/exploit-cve-2021-22204

Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution
https://github.com/unicordev/exploit-cve-2021-22204

cve cve-2021-22204 djvu exiftool exploit hackthebox linux penetration-testing proof-of-concept python unicord vulnerability

Last synced: 15 days ago
JSON representation

Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution

• Host: GitHub
• URL: https://github.com/unicordev/exploit-cve-2021-22204
• Owner: UNICORDev
• Created: 2022-04-16T22:49:47.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2025-01-14T18:36:34.000Z (5 months ago)
• Last Synced: 2025-05-19T06:09:58.094Z (about 1 month ago)
• Topics: cve, cve-2021-22204, djvu, exiftool, exploit, hackthebox, linux, penetration-testing, proof-of-concept, python, unicord, vulnerability
• Language: Python
• Homepage: https://unicord.dev/exploit-CVE-2021-22204
• Size: 103 KB
• Stars: 42
• Watchers: 2
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution

![GitHub CVE Cover](https://user-images.githubusercontent.com/23003787/172497711-958a0fb3-3937-41f7-be11-3c9fd767203d.png)

**Like this repo? Give us a ⭐!**

*For educational and authorized security research purposes only.*

## Exploit Author

[@UNICORDev](https://unicord.dev) by ([@NicPWNs](https://github.com/NicPWNs) and [@Dev-Yeoj](https://github.com/Dev-Yeoj))

## Vulnerability Description

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.

## Exploit Description

Use this exploit to generate a JPEG image payload that can be used with a vulnerable ExifTool version for code execution. A custom command can be provided or a reverse shell can be generated. A JPEG image is automatically generated, and optionally, a custom JPEG image can be supplied to have the payload inserted.

## Usage

```bash

  python3 exploit-CVE-2021-22204.py -c 

  python3 exploit-CVE-2021-22204.py -s  

  python3 exploit-CVE-2021-22204.py -c  [-i ]

  python3 exploit-CVE-2021-22204.py -s   [-i ]

  python3 exploit-CVE-2021-22204.py -h

```

## Options

```bash

  -c    Custom command mode. Provide command to execute.

  -s    Reverse shell mode. Provide local IP and port.

  -i    Path to custom JPEG image. (Optional)

  -h    Show this help menu.

```

## Download

[Download exploit-CVE-2021-22204.py from GitHub](https://raw.githubusercontent.com/UNICORDev/exploit-CVE-2021-22204/main/exploit-CVE-2021-22204.py)

[Download exploit-CVE-2021-22204.py from ExploitDB](https://www.exploit-db.com/exploits/50911)

### Searchsploit (ExploitDB)

```bash

searchsploit -u

searchsploit -m 50911

```

## Exploit Requirements

- python3

- djvulibre-bin

- exiftool

## Demo

![Demo Gif](https://user-images.githubusercontent.com/23003787/168875285-b939e4a6-ea10-4b0d-a11a-3a2c1adc0fd7.gif)

## Tested On

Exiftool Version 12.23

## Applies To

Exiftool Versions 7.44 - 12.23

## Vulnerable Environment

```bash

wget https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip

unzip exiftool-12.23.zip

cd exiftool-12.23

perl Makefile.PL

make test

sudo make install

exiftool -ver

```

## Test Generated Payload

```bash

exiftool image.jpg

```

## Credits

- https://hackerone.com/reports/1154542

- https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/

- https://nvd.nist.gov/vuln/detail/CVE-2021-22204

- https://app.hackthebox.com/machines/Overflow

- https://www.exploit-db.com/exploits/50911