CVE-2021-23639 PoC — Markdown To Pdf 输入验证错误漏洞

Source

https://github.com/MohandAcherir/CVE-2021-23639

Associated Vulnerability

Title:Markdown To Pdf 输入验证错误漏洞 (CVE-2021-23639)
Description:Markdown To Pdf是德国Simon Hanisch个人开发者的一个简单且可破解的 Cli 工具。用于将 Markdown 转换为 pdf。 Markdown To Pdf 中存在输入验证错误漏洞，该漏洞源于产品在没有禁用JS引擎时使用gray-matter解析前端内容。攻击者可通过该漏洞执行远程代码执行。以下产品及版本受到影响：Simonhaenisch md-to-pdf 5.0.0 之前版本。

Description

Exploit of CVE-2021-23639 for the vulnerable library 'md-to-pdf' in JS

Readme

## Overview

md-to-pdf is a CLI tool for converting Markdown files to PDF.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.


### Usage: 

``` 
python3 cve-2021-23639.py targer_url command

```

### More

[Remote Code Execution (RCE) of md-to-pdf](https://security.snyk.io/vuln/SNYK-JS-MDTOPDF-1657880)

File Snapshot


 [4.0K]  /data/pocs/102293fd4cc0a0d1c84219b1b0effb906f6ac04d
├── [ 966]  cve-2021-23639.py
└── [ 440]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!