Reveal the unseen: Getting access to sensitive data with graphic file editing libraries

There is a wide variety of standards for adding supplementary information (comments) to media files. EXIF (Exchangeable Image File Format), Adobe XMP (eXtensible Metadata Platform), and PNG text chunks are only a few of them. They are meant to record information such as the copyright holder, date and time. But does the theory match reality?

In this report, we will review widely known tools for metadata extraction in the context of bug bounty websites and discuss ways to automate the process.
It has been two years since ImageTragick caused a stir in the community. Still, developers tend to trust a library to convert user-supplied images. What data can an attacker pilfer without using external libraries? What is CVE-2018-16323 all about? How can one exploit the vulnerability? We will demonstrate all of this using a real web application as a case study.

Fedotkin Zakhar

Wrike

Fedotkin Zakhar (d4d) is a software security researcher with 10 years of experience in the security of end-to-end applications. He focuses on source code analysis at Wrike.
