Cross-platform desktop GUI app to clean image metadata
MIT License
Bot releases are visible (Hide)
exiftool
HTML output in the UI. To take advantage of this, an attacker would have had to write image metadata containing malicious script code to a file that you then download and run through ExifCleaner. Proofs of concept:XSS:
exiftool -Comment='<img src=x onerror=alert("ok") /><b>OverJT</b>' -PixelUnits='meters' image.png
Electron reverse shell:
exiftool -Comment='<img src=x onerror=window.require("child_process").exec("/usr/bin/firefox") /><b>OverJT</b>' -PixelUnits='meters' image.png
Published by szTheory over 3 years ago
Published by szTheory over 3 years ago
If you are running a previous version of ExifCleaner, update immediately due to a security vulnerability found in exiftool (the command-line tool that ExifCleaner uses under the hood). Thank you to all contributors for this release. As always, credits are listed in the README.
Published by szTheory about 4 years ago
exiftool
process keep-alive)https://github.com/szTheory/exifcleaner/compare/v3.2.0...v3.3.1
https://github.com/szTheory/exifcleaner/compare/v3.2.0...v3.3.0
Published by szTheory over 4 years ago
https://github.com/szTheory/exifcleaner/compare/v3.1.0...v3.2.0
https://github.com/szTheory/exifcleaner/compare/v3.0.0...v3.1.0
https://github.com/szTheory/exifcleaner/compare/v2.1.0...v3.0.0
https://github.com/szTheory/exifcleaner/compare/v2.0.0...v2.1.0
https://github.com/szTheory/exifcleaner/compare/v1.5.1...v2.0.0
https://github.com/szTheory/exifcleaner/compare/v1.5.0...v1.5.1
https://github.com/szTheory/exifcleaner/compare/v1.4.0...v1.5.0
https://github.com/szTheory/exifcleaner/compare/v1.3.5...v1.4.0
https://github.com/szTheory/exifcleaner/compare/v1.3.4...v1.3.5
https://github.com/szTheory/exifcleaner/compare/v1.3.2...v1.3.3
Published by szTheory almost 5 years ago
Published by szTheory almost 5 years ago
Published by szTheory almost 5 years ago