Syntax Error Trying To Designate file

Question

Syntax Error Trying To Designate file

AshtonFM opened this issue 2 years ago · comments

C:\Users\ashto\Downloads\exiftool-12.39>exiftool -Comment="alert('$message');";} function_alert("Test"); ?>" 2.png
The system cannot find the file specified.

I am trying to make the image run a command through firefox console for a test and I am getting this error because I can't explicitly designate a file to a argument due to windows shell.

StarGeekSpaceNerd · Answer 1 · Sun Jan 23 2022 13:07:25 GMT+0800 (China Standard Time)

The problem appears to be that you are trying to embed double quotes without escaping them. Normally, you can escape a double quote by using a backslash \" or three double quotes """ but for some reason that double quote between the two semicolons is messing things up.

I'd suggest using the -E (-escapeHTML) option and replace the double quotes with "

Example:

C:\>exiftool -Comment="alert('$message');&quot;;} function_alert(&quot;Test&quot;); >;" -E  Y:\!temp\HashTest\Test.png 
    1 image files updated

C:\>exiftool -G1 -a -s -comment Y:\!temp\HashTest\Test.png
[PNG]           Comment                         : alert('$message');";} function_alert("Test"); >;

Ashton · Answer 2 · Sun Jan 23 2022 23:51:26 GMT+0800 (China Standard Time)

The problem appears to be that you are trying to embed double quotes without escaping them. Normally, you can escape a double quote by using a backslash \" or three double quotes """ but for some reason that double quote between the two semicolons is messing things up.

I'd suggest using the -E (-escapeHTML) option and replace the double quotes with "

Example:
C:\>exiftool -Comment="alert('$message');&quot;;} function_alert(&quot;Test&quot;); >;" -E  Y:\!temp\HashTest\Test.png 
    1 image files updated

C:\>exiftool -G1 -a -s -comment Y:\!temp\HashTest\Test.png
[PNG]           Comment                         : alert('$message');";} function_alert("Test"); >;

That fixed it but I still can't figure out a way to make it execute

StarGeekSpaceNerd · Answer 3 · Mon Jan 24 2022 00:04:18 GMT+0800 (China Standard Time)

That fixed it but I still can't figure out a way to make it execute

That's beyond the scope of exiftool. You'll have to check a forum more related to what you're trying to do. I know this situation pops up on reddit from time to time, but I can't remember what the subreddit is. You might try /r/HowToHack/ /r/HackingSimplified/ or /r/netsec/

Ashton · Answer 4 · Mon Jan 24 2022 00:04:54 GMT+0800 (China Standard Time)

Ah alright thanks