Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-22204

Description

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

POC

Reference

- http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html

- http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html

- http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html

- http://www.openwall.com/lists/oss-security/2021/05/10/5

Github

- https://github.com/0x7n6/OSCP

- https://github.com/0xBruno/CVE-2021-22204

- https://github.com/0xD13/OSCP-Prep-Guide

- https://github.com/0xStrygwyr/OSCP-Guide

- https://github.com/0xZipp0/OSCP

- https://github.com/0xsyr0/OSCP

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Akash7350/CVE-2021-22204

- https://github.com/Al1ex/CVE-2021-22205

- https://github.com/AlienTec1908/Dejavu_HackMyVM_Easy

- https://github.com/Asaad27/CVE-2021-22204-RSE

- https://github.com/AssassinUKG/CVE-2021-22204

- https://github.com/BLACKHAT-SSG/MindMaps2

- https://github.com/CsEnox/Gitlab-Exiftool-RCE

- https://github.com/DarkFunct/CVE_Exploits

- https://github.com/EdgeSecurityTeam/Vulnerability

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/EssenceCyber/Exploit-List

- https://github.com/EternalDreamer01/RCE-exploit-Gitlab-13.9.1

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/Konstantinos-Papanagnou/CMSpit

- https://github.com/LazyTitan33/ExifTool-DjVu-exploit

- https://github.com/Lazykakarot1/Learn-365

- https://github.com/Ly0nt4r/OSCP

- https://github.com/MikeCod/RCE-exploit-Gitlab-13.9.1

- https://github.com/Mr-Tree-S/POC_EXP

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/OneSecCyber/JPEG_RCE

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PenTestical/CVE-2021-22204

- https://github.com/PolGs/htb-meta

- https://github.com/PwnAwan/MindMaps2

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/SYRTI/POC_to_review

- https://github.com/SantoriuHen/NotesHck

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SexyBeast233/SecBooks

- https://github.com/SirElmard/ethical_hacking

- https://github.com/Sm4rty-1/awesome-blogs

- https://github.com/UNICORDev/exploit-CVE-2021-22204

- https://github.com/VishuGahlyan/OSCP

- https://github.com/WhooAmii/POC_to_review

- https://github.com/al4xs/CVE-2021-22205-gitlab

- https://github.com/anquanscan/sec-tools

- https://github.com/battleofthebots/dejavu

- https://github.com/bilkoh/POC-CVE-2021-22204

- https://github.com/binganao/vulns-2022

- https://github.com/carmilea/carmilea

- https://github.com/cc3305/CVE-2021-22204

- https://github.com/convisolabs/CVE-2021-22204-exiftool

- https://github.com/devdanqtuan/CVE-2021-22205

- https://github.com/dudek0807/OverflowWriteup

- https://github.com/e-hakson/OSCP

- https://github.com/eljosep/OSCP-Guide

- https://github.com/exfilt/CheatSheet

- https://github.com/fazilbaig1/oscp

- https://github.com/gkhan496/WDIR

- https://github.com/harsh-bothra/learn365

- https://github.com/hongson97/ctf-challenges

- https://github.com/htankhaishan/ASC

- https://github.com/htrgouvea/research

- https://github.com/jagat-singh-chaudhary/bugbounty-365-days

- https://github.com/jitmondal1/OSCP

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/kherrick/hacker-news

- https://github.com/manas3c/CVE-POC

- https://github.com/mr-r3bot/Gitlab-CVE-2021-22205

- https://github.com/mr-tuhin/CVE-2021-22204-exiftool

- https://github.com/n0-traces/cve_monitor

- https://github.com/nitishbadole/oscp-note-3

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/oneoy/Gitlab-Exiftool-RCE

- https://github.com/oscpname/OSCP_cheat

- https://github.com/osungjinwoo/CVE-2021-22205-gitlab

- https://github.com/parth45/cheatsheet

- https://github.com/ph-arm/CVE-2021-22204-Gitlab

- https://github.com/pizza-power/Golang-CVE-2021-22205-POC

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/revanmalang/OSCP

- https://github.com/runsel/GitLab-CVE-2021-22205-

- https://github.com/sameep0/CVE-2021-22204

- https://github.com/se162xg/CVE-2021-22204

- https://github.com/soosmile/POC

- https://github.com/star-sg/CVE

- https://github.com/szTheory/exifcleaner

- https://github.com/trganda/CVE-2021-22204

- https://github.com/trganda/starrlist

- https://github.com/trhacknon/CVE2

- https://github.com/trhacknon/Pocingit

- https://github.com/txuswashere/OSCP

- https://github.com/tzwlhack/Vulnerability

- https://github.com/whoforget/CVE-POC

- https://github.com/x00tex/hackTheBox

- https://github.com/xhref/OSCP

- https://github.com/xqk/exifcleaner

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve