This video explains a bug bounty report submitted to GitLab by William Bowling. The vulnerability was remote code execution via malicious image metadata. The bug existed in the exiftool library and was assigned CVE-2021-22204.

Report:
https://hackerone.com/reports/1154542
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html

Reporter’s Twitter:
https://twitter.com/wcbowling

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:54 What is metadata?
02:41 How exiftool handled “
06:16 The exploit
