MAJOR EXPLOIT: GitLab was Hacked with an IMAGE??
About this lesson
Try SquareX for free today! ๐ https://sqrx.io/db_yt In this video, we take a deep dive into the GitLab / ExifTool metadata parsing vulnerability, which enables attackers to gain access to GitLab servers via an RCE (remote code execution). Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in escape sequences, code evaluation, and character parsing is critical. JOIN THE DISCORD! ๐ https://discord.gg/WYqqp7DXbm 0:00 - Overview 0:26- Metadata 1:59 - DjVu 2:34 - C Escape Sequences 4:18 - Structure 11:14 - Exploit 13:45 - SquareX Hackerone report https://hackerone.com/reports/1154542 William Bowlingโs report https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html Vulnerable code https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm Patch https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031 SquareX socials: Twitter: https://twitter.com/getsquarex LinkedIn: https://www.linkedin.com/company/getsquarex/ Instagram: https://www.instagram.com/getsquarex/ Facebook: https://www.facebook.com/getsquarex Blog: https://labs.sqrx.com/ MUSIC CREDITS: LEMMiNO - Cipher https://www.youtube.com/watch?v=b0q5PR1xpA0 CC BY-SA 4.0 LEMMiNO - Firecracker https://www.youtube.com/watch?v=ulfoU2MziOc CC BY-SA 4.0 LEMMiNO - Nocturnal https://www.youtube.com/watch?v=epmoV2HRs9U CC BY-SA 4.0 LEMMiNO - Siberian https://www.youtube.com/watch?v=5py6E6yo7wk CC BY-SA 4.0 LEMMiNO - Encounters https://www.youtube.com/watch?v=xdwWCl_5x2s CC BY-SA 4.0 #programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #JPEG #encoding #lowlevelsecurity #zeroday #zero-day #cybersecurityexplained #bugbounty #memorymanagement #gitlab #security #cybersecurity #g
Original Description
Try SquareX for free today! ๐ https://sqrx.io/db_yt
In this video, we take a deep dive into the GitLab / ExifTool metadata parsing vulnerability, which enables attackers to gain access to GitLab servers via an RCE (remote code execution). Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in escape sequences, code evaluation, and character parsing is critical.
JOIN THE DISCORD! ๐ https://discord.gg/WYqqp7DXbm
0:00 - Overview
0:26- Metadata
1:59 - DjVu
2:34 - C Escape Sequences
4:18 - Structure
11:14 - Exploit
13:45 - SquareX
Hackerone report
https://hackerone.com/reports/1154542
William Bowlingโs report
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
Vulnerable code
https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm
Patch
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031
SquareX socials:
Twitter: https://twitter.com/getsquarex
LinkedIn: https://www.linkedin.com/company/getsquarex/
Instagram: https://www.instagram.com/getsquarex/
Facebook: https://www.facebook.com/getsquarex
Blog: https://labs.sqrx.com/
MUSIC CREDITS:
LEMMiNO - Cipher
https://www.youtube.com/watch?v=b0q5PR1xpA0
CC BY-SA 4.0
LEMMiNO - Firecracker
https://www.youtube.com/watch?v=ulfoU2MziOc
CC BY-SA 4.0
LEMMiNO - Nocturnal
https://www.youtube.com/watch?v=epmoV2HRs9U
CC BY-SA 4.0
LEMMiNO - Siberian
https://www.youtube.com/watch?v=5py6E6yo7wk
CC BY-SA 4.0
LEMMiNO - Encounters
https://www.youtube.com/watch?v=xdwWCl_5x2s
CC BY-SA 4.0
#programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #JPEG #encoding #lowlevelsecurity #zeroday #zero-day #cybersecurityexplained #bugbounty #memorymanagement #gitlab #security #cybersecurity #g
Sign in to unlock AI tutor explanation ยท โก30
Overview
1:59
DjVu
2:34
C Escape Sequences
4:18
Structure
11:14
Exploit
13:45
SquareX
๐
Lesson complete!
You've started your journey. Consistency beats intensity โ come back tomorrow to keep your streak.
๐
Tutor Explanation