Description
This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/unix/fileformat/exiftool_djvu_ant_perl_injectionmsf undefined(exiftool_djvu_ant_perl_injection) > show actions ...actions...msf undefined(exiftool_djvu_ant_perl_injection) > set ACTION < action-name >msf undefined(exiftool_djvu_ant_perl_injection) > show options ...show and set options...msf undefined(exiftool_djvu_ant_perl_injection) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub