Exploitation Summary
EIP tracks 6 public exploits for CVE-2022-23935. PoCs published by BKreisel, cowsecurity, dpbe32.
AI-analyzed exploit summary
This repository contains a Python-based exploit for CVE-2022-23935, which targets ExifTool versions below 12.38. The exploit generates a malicious JPEG file that, when processed by ExifTool, triggers a reverse shell to a specified IP and port.
Description
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
Exploits (6)
This repository contains a Python-based exploit for CVE-2022-23935, which targets ExifTool versions below 12.38. The exploit generates a malicious JPEG file that, when processed by ExifTool, triggers a reverse shell to a specified IP and port.
This PoC exploits CVE-2022-23935 in ExifTool 12.37 by generating a malicious image file with a crafted filename that executes a reverse shell when processed. The exploit uses base64 encoding to obfuscate the payload and establishes a listener for the reverse connection.
This PoC exploits CVE-2022-23935 in ExifTool 12.37 by renaming a file to execute a base64-encoded command, achieving remote code execution. The script requires root privileges to function as intended.
This repository contains a functional exploit for CVE-2022-23935, targeting ExifTool version 12.37. The exploit generates a malicious image file that, when processed by ExifTool, executes a reverse shell to the attacker's specified IP and port.
This PoC exploits CVE-2022-23935 in ExifTool by embedding a base64-encoded reverse shell payload in an image file's metadata. The exploit generates a malicious image and starts a listener to receive the shell connection.
This repository contains a functional exploit for CVE-2022-23935, targeting ExifTool version 12.37. The exploit generates a malicious image file with a crafted filename that, when processed by ExifTool, executes a reverse shell to the attacker's specified IP and port.
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H