June 16, 2026
Webverse-Pro PhotoStore
lab write-up
0zex
Discovery:
As you can see, after the processing engine processes the image, it reflects two major fields: image_description and metadata processed.
- The next step is to manipulate the image's metadata, specifically the image_description, using exiftool:
We injected the shell command "pwd" into the image's metadata:
As you can see, the metadata didn't get processed, meaning our code is not passed into a shell directly.
Next:
We try injecting system("our command"), which opens an OS-specific sub-shell and then runs "our command" directly.
Then:
We confirmed the vulnerability. Now all we must do is get the flag.
We've achieved our goal.
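The behaviour observed above (a bare pwd is ignored, while system("...") runs) is what happens when a metadata field reaches a code evaluator rather than a shell. The following is an added example, not code from the lab or its author: a Python model of that flaw beside a hardened handler. The function names, the result keys and the stand-in fake_system are assumptions, and no command is actually executed.

```python
import html

calls = []  # records what the stand-in system() was asked to run


def fake_system(cmd):
    """Harmless stand-in for an interpreter's system(): records, never executes."""
    calls.append(cmd)
    return "<output of %s>" % cmd


def process_vulnerable(description):
    """Hypothetical model of an engine that evaluates the metadata field as code."""
    try:
        # The flaw: attacker-controlled metadata reaches an evaluator.
        result = eval(description, {"__builtins__": {}, "system": fake_system})
        return {"image_description": str(result), "metadata_processed": True}
    except Exception:
        # A bare word such as pwd is not a valid expression here, so nothing runs.
        return {"image_description": description, "metadata_processed": False}


def process_hardened(description, max_len=256):
    """Treats the field strictly as text: truncate, escape, never evaluate."""
    text = description[:max_len]
    return {"image_description": html.escape(text), "metadata_processed": True}


if __name__ == "__main__":
    # Constructed sample inputs mirroring the two attempts in the write-up.
    for sample in ("pwd", 'system("pwd")'):
        print("vulnerable:", sample, "->", process_vulnerable(sample))
        print("hardened:  ", sample, "->", process_hardened(sample))
    print("commands that reached system():", calls)
```

The fix is structural: the description is only ever stored and escaped for display, so no filter on its contents is needed.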
Note:
Before a new metadata injection using exiftool, make sure to remove your recent injection, simply using:
exiftool -ImageDescription="" yourimage.png