webPromedium
Lab 314 — PixVault — ExifTool DjVu RCE via Image Upload
hackadvisor
Task: Media storage platform with server-side ExifTool metadata stripping on uploaded images, plus URL import feature. Solution: exploit CVE-2021-22204 (ExifTool DjVu Perl code injection) via malicious JPEG with embedded DjVu payload in HasselbladExif tag, confirm blind RCE with sleep timing, then exfiltrate flag via SSRF using file:// protocol in the URL import endpoint.
$ ls tags/ techniques/
ssrfrcefile_uploadexiftoolnginxblind_rceimage_processingfile_protocolcve_2021_22204djvuhoneypot_flagperl_injectionhasselblad_exif
exiftool_djvu_rcehoneypot_decoy_flag_recognitionjpeg_djvu_polyglotblind_rce_time_basedssrf_file_protocol
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Lab 342 — CloudVault — Stored XSS via Malicious SVG Upload— hackadvisor
- [web][Pro]Lab 307 — CrewHub — File Upload RCE via Polyglot JPG/PHP— hackadvisor
- [web][Pro]Lab 49 — PixelVault — Stored XSS via Malicious SVG Upload— hackadvisor
- [web][Pro]Lab 82 — PixelVault — SQL Injection via User-Agent in Activity Logging— hackadvisor
- [web][Pro]Lab 94 — MediaForge — ImageMagick Command Injection via File Upload (ImageTragick)— hackadvisor