Share
## https://sploitus.com/exploit?id=0D348678-44DC-5E49-B844-D3DB388E7C0D
# CVE-2021-22204

## 취약점
exiftool μž„μ˜ λͺ…λ Ή μ‹€ν–‰

## μ‚¬μš©λ²•

1. `exploit.py` νŒŒμΌμ—μ„œ λ¦¬λ²„μŠ€ μ‰˜ 받을 ip, port μ„€μ • ν›„ `docker compose up` μ‹€ν–‰
2. docker shell에 μ ‘κ·Ό ν›„ /root κ²½λ‘œμ—μ„œ `python3 exploit.py` νŒŒμΌμ„ μ‹€ν–‰ν•  경우 `image.jpg` 파일 곡격 μ½”λ“œ 생성
3. ν•΄λ‹Ή `image.jpg` νŒŒμΌμ„ λ‹€μš΄λ‘œλ“œν•˜μ—¬ μ‚¬μš©

## μ°Έκ³ 
https://ine.com/blog/exiftool-command-injection-cve-2021-22204-exploitation-and-prevention-strategies
https://github.com/convisolabs/CVE-2021-22204-exiftool