Share
## https://sploitus.com/exploit?id=0D348678-44DC-5E49-B844-D3DB388E7C0D
# CVE-2021-22204
## μ·¨μ½μ
exiftool μμ λͺ
λ Ή μ€ν
## μ¬μ©λ²
1. `exploit.py` νμΌμμ 리λ²μ€ μ λ°μ ip, port μ€μ ν `docker compose up` μ€ν
2. docker shellμ μ κ·Ό ν /root κ²½λ‘μμ `python3 exploit.py` νμΌμ μ€νν κ²½μ° `image.jpg` νμΌ κ³΅κ²© μ½λ μμ±
3. ν΄λΉ `image.jpg` νμΌμ λ€μ΄λ‘λνμ¬ μ¬μ©
## μ°Έκ³
https://ine.com/blog/exiftool-command-injection-cve-2021-22204-exploitation-and-prevention-strategies
https://github.com/convisolabs/CVE-2021-22204-exiftool