
10 changes to exploits/shellcodes/ghdb

Ricoh Printer - Directory and File Exposure
Blood Bank & Donor Management System using v2.2 - Stored XSS
Equipment Rental Script-1.0 - SQLi
Bank Locker Management System - SQL Injection
Fundraising Script 1.0 - SQLi
PHP Shopping Cart 4.2 - Multiple-SQLi
7 Sticky Notes v1.9 - OS Command Injection
Typora v1.7.4 - OS Command Injection
# Exploit Title: Typora v1.7.4 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 13.09.2023
# Vendor Homepage: http://www.typora.io
# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
# Tested Version: v1.7.4 (latest)
# Tested on: Windows 2019 Server 64bit

# # # Steps to Reproduce # # #

# Open the application
# Click on Preferences from the File menu
# Select PDF from the Export tab
# Check the “run command” at the bottom right and enter your reverse shell
command into the opened box
# Close the page and go back to the File menu
# Then select PDF from the Export tab and click Save
# Reverse shell is ready!
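
Review bot: The steps from "Open the application" through "click Save" are all performed by the local user inside the application's own Preferences, with the command typed into the export "run command" box, so the write-up shows no path by which untrusted input reaches that setting even though the title calls this OS Command Injection. Please state the precondition and trust boundary explicitly (who is able to set the run command, and whether anything other than the user in the Preferences dialog can set it) so readers can judge the impact. Two smaller points in the header: "Tested Version: v1.7.4 (latest)" will go stale, so drop "(latest)" and rely on the Discovered Date line; and "Software Link" points to the ia32 installer while "Tested on" says 64bit, so note which build was actually tested.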