AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Sample perl using exiftool4/17/2023 ![]() ![]() ![]() I started looking for places that performed file access but without much success. It turns out that it is written in Perl! I’ve never really used or reviewed Perl code before, but being a dynamic scripting language the majority of the general concepts were familiar. An older version was being used (11.70), so I thought maybe there could be some existing CVEs that could be abused, as parsing file formats is hard.Ī quick search showed only one old CVE from 2018, so decided to look at the source instead. I’d used ExifTool numerous times in the past but didn’t even know what language it was written in. While looking at one of my favourite bug bounty programs, I noticed they were using ExifTool to strip tags from uploaded images. ![]()
0 Comments
Read More
Leave a Reply. |