exploitdb
WORKING POC
by UNICORD · pythonlocallinux
https://www.exploit-db.com/exploits/50911
This exploit leverages CVE-2021-22204 in ExifTool to achieve arbitrary code execution by embedding a malicious DjVu file within a JPEG image. The payload is executed when ExifTool parses the crafted image.
Classification
Working Poc 100%
Target:
ExifTool versions 7.44-12.23
No auth needed
Prerequisites:
ExifTool installed on the target system · Ability to deliver the crafted image to the target
nomisec
WORKING POC
94 stars
by convisolabs · client-side
https://github.com/convisolabs/CVE-2021-22204-exiftool
This repository contains a functional Python exploit for CVE-2021-22204, which leverages a command injection vulnerability in ExifTool via maliciously crafted metadata in an image file. The exploit generates a malicious image that, when processed by a vulnerable ExifTool instance, executes a reverse shell payload.
Classification
Working Poc 95%
Target:
ExifTool (versions prior to the patch for CVE-2021-22204)
No auth needed
Prerequisites:
ExifTool installed on the target system · Ability to deliver the malicious image to the target · Network connectivity for reverse shell callback
nomisec
WORKING POC
50 stars
by UNICORDev · local
https://github.com/UNICORDev/exploit-CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, which targets ExifTool versions 7.44 to 12.23. The exploit generates a malicious JPEG image with embedded DjVu metadata to achieve arbitrary code execution when parsed by a vulnerable ExifTool instance.
Classification
Working Poc 95%
Target:
ExifTool 7.44-12.23
No auth needed
Prerequisites:
Python3 · djvulibre-bin · ExifTool
nomisec
WORKING POC
28 stars
by AssassinUKG · poc
https://github.com/AssassinUKG/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, which leverages improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up to achieve arbitrary code execution. The script generates a malicious DjVu file embedded within a JPEG, which executes Perl code when parsed by a vulnerable ExifTool instance.
Classification
Working Poc 95%
Target:
ExifTool versions 7.44 and up
No auth needed
Prerequisites:
djvulibre-bin installed · vulnerable ExifTool version
nomisec
WORKING POC
12 stars
by se162xg · client-side
https://github.com/se162xg/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, a vulnerability in ExifTool. The script crafts a malicious DjVu file that, when processed by ExifTool, executes arbitrary commands.
Classification
Working Poc 95%
Target:
ExifTool versions 7.44 to 12.23
No auth needed
Prerequisites:
ExifTool installed on the target system · Ability to deliver the crafted DjVu file to the target
nomisec
WORKING POC
8 stars
by bilkoh · client-side
https://github.com/bilkoh/POC-CVE-2021-22204
This repository contains a functional Perl script that generates a malicious DjVu image file exploiting CVE-2021-22204 in ExifTool. The script injects arbitrary commands into the image metadata, which are executed when processed by a vulnerable ExifTool instance.
Classification
Working Poc 95%
Target:
ExifTool (versions before 12.24)
No auth needed
Prerequisites:
DjVuLibre installed and in PATH · Vulnerable ExifTool version
nomisec
WORKING POC
4 stars
by Akash7350 · client-side
https://github.com/Akash7350/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, which targets ExifTool to achieve arbitrary code execution via a crafted JPEG image payload. The exploit generates a malicious image that, when processed by a vulnerable ExifTool version, executes a provided command or reverse shell.
Classification
Working Poc 90%
Target:
ExifTool (versions prior to 12.24)
No auth needed
Prerequisites:
Vulnerable ExifTool installation · Ability to deliver crafted JPEG image to target
nomisec
WRITEUP
3 stars
by trganda · poc
https://github.com/trganda/CVE-2021-22204
This repository provides a detailed technical analysis of CVE-2021-22204, an ExifTool remote code execution vulnerability. It includes a step-by-step breakdown of the exploit process, Perl code analysis, and explanations of the DjVu file format manipulation required to trigger the vulnerability.
Classification
Writeup 95%
Target:
ExifTool < 12.24
No auth needed
Prerequisites:
ExifTool version < 12.24 · Ability to upload a malicious DjVu file
nomisec
WORKING POC
3 stars
by PenTestical · poc
https://github.com/PenTestical/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, a remote code execution vulnerability in ExifTool. The exploit creates a malicious DJVU file that, when processed by ExifTool, executes a reverse shell to an attacker-controlled IP.
Classification
Working Poc 95%
Target:
ExifTool (versions prior to 12.24)
No auth needed
Prerequisites:
ExifTool installed on the target system · ExifTool executed with sufficient privileges (e.g., sudo) · Attacker-controlled IP for reverse shell
nomisec
WORKING POC
2 stars
by ph-arm · remote-auth
https://github.com/ph-arm/CVE-2021-22204-Gitlab
This repository contains a functional exploit for CVE-2021-22204, leveraging a vulnerability in ExifTool's DjVu module to achieve remote code execution (RCE) on GitLab instances prior to version 13.10.3. The exploit crafts a malicious JPEG file using djvumake and uploads it to trigger command execution.
Classification
Working Poc 95%
Target:
GitLab < 13.10.3
Auth required
Prerequisites:
djvulibre-bin installed on attacker's machine · valid GitLab credentials · ability to upload files to GitLab
nomisec
WORKING POC
by Roronoawjd · local
https://github.com/Roronoawjd/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, an arbitrary command execution vulnerability in ExifTool. The exploit generates a malicious image file that, when processed by ExifTool, executes a reverse shell payload.
Classification
Working Poc 95%
Target:
ExifTool (versions prior to 12.23)
No auth needed
Prerequisites:
Docker environment · ExifTool installed on target system
nomisec
WORKING POC
by cc3305 · client-side
https://github.com/cc3305/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, which leverages improper sanitization in ExifTool to achieve arbitrary code execution via a malicious DjVu file embedded in an image. The script automates the creation of a malicious image file that triggers the vulnerability when processed by ExifTool.
Classification
Working Poc 95%
Target:
ExifTool versions 7.44 to 12.23
No auth needed
Prerequisites:
djvulibre-bin · exiftool · bzz · djvumake
nomisec
WORKING POC
by battleofthebots · client-side
https://github.com/battleofthebots/dejavu
This repository contains a functional exploit for CVE-2021-22204, which leverages an unsafe eval in ExifTool's DjVu module to achieve remote code execution. The exploit involves hosting a malicious image file and tricking the vulnerable application into processing it, leading to arbitrary command execution.
Classification
Working Poc 95%
Target:
ExifTool (versions with vulnerable DjVu module)
No auth needed
Prerequisites:
Vulnerable ExifTool version · Ability to host a malicious image file · Network access to the target application
nomisec
WORKING POC
by Asaad27 · poc
https://github.com/Asaad27/CVE-2021-22204-RSE
This repository contains a functional exploit for CVE-2021-22204, leveraging a vulnerability in ExifTool to execute arbitrary code via crafted DjVu files. The Dockerfile automates the setup of the environment and generates malicious DjVu files with embedded payloads.
Classification
Working Poc 90%
Target:
ExifTool (libimage-exiftool-perl)
No auth needed
Prerequisites:
Docker environment · ExifTool installed
vulncheck_xdb
WORKING POC
local
https://github.com/BBurgarella/An-Ethical-Hacking-Journey
The repository contains a Python script designed to embed reverse shell payloads into images, exploiting text recognition vulnerabilities. It includes functionality to generate images with payloads and supports base64 encoding, font customization, and fuzzing for OCR evasion.
Classification
Working Poc 90%
Target:
Systems vulnerable to text recognition exploits (e.g., OCR-based applications)
No auth needed
Prerequisites:
Listener IP and port · Payload text file · Target system with vulnerable text recognition
vulncheck_xdb
WORKING POC
local
https://github.com/mr-tuhin/CVE-2021-22204-exiftool
This repository contains a functional Python exploit for CVE-2021-22204, a vulnerability in ExifTool. The exploit generates a malicious image file (image.jpg) that triggers arbitrary code execution when processed by a vulnerable version of ExifTool.
Classification
Working Poc 95%
Target:
ExifTool (versions prior to 12.30)
No auth needed
Prerequisites:
Python 3 · djvulibre-bin · ExifTool (vulnerable version) · network connectivity for reverse shell
vulncheck_xdb
WORKING POC
client-side
https://github.com/0xBruno/CVE-2021-22204
This repository contains a functional exploit for CVE-2021-22204, an RCE vulnerability in ExifTool. The exploit crafts a malicious DjVu file with embedded Perl code to achieve remote command execution when processed by a vulnerable ExifTool instance.
Classification
Working Poc 95%
Target:
ExifTool (versions prior to 12.30)
No auth needed
Prerequisites:
vulnerable ExifTool installation · ability to pass a malicious file to the target
metasploit
WORKING POC
EXCELLENT
by William Bowling, Justin Steven · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/exiftool_djvu_ant_perl_injection.rb
This Metasploit module exploits a Perl injection vulnerability in ExifTool (CVE-2021-22204) by embedding malicious DjVu ANT metadata in image files (JPEG, TIFF, or DjVu). The payload executes arbitrary commands via Perl backticks when the file is processed by ExifTool.
Classification
Working Poc 100%
Target:
ExifTool versions 7.44 through 12.23
No auth needed
Prerequisites:
ExifTool installed on target system · Ability to deliver crafted image file to target