
CVE-2022-35914 PoC — GLPI Injection Vulnerability

Associated Vulnerability
Title: GLPI Injection Vulnerability (CVE-2022-35914)
Description: GLPI is an open-source IT and asset management software written by an individual developer. It provides a full-featured IT resource management interface that you can use to build a database covering computers, monitors, servers, printers, network devices, telephones, and even toner and ink cartridges. GLPI 10.0.2 and earlier contain a security vulnerability: /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module allows PHP code injection.
Description
𓃌 - htmlLawed 1.2.5 Remote Code Execution
Readme
# Exploit Script Utility

![GitHub](https://img.shields.io/github/license/0romos/CVE-2022-35914)
![GitHub last commit](https://img.shields.io/github/last-commit/0romos/CVE-2022-35914)

## Overview

This repository contains a Python script designed to exploit CVE-2022-35914, a vulnerability in htmlLawed 1.2.5 that allows for Remote Code Execution (RCE). The script sends HTTP POST requests to a specified URL and executes arbitrary commands on the target system.

## CVE-2022-35914

- **Published**: 2022-09-15
- **CVE ID**: CVE-2022-35914
- **Impact**: Remote Code Execution
- **Affected Versions**: htmlLawed 1.2.5

## Usage

### Prerequisites

- Python 3.x
- Required Python packages (install using `pip install -r requirements.txt`)

### Running the Script

#### Single URL

To execute a command on a single target URL:

```bash
python3 exploit.py -u/--url <url> -c/--cmd <command>
```

## Fixes

To mitigate the vulnerability, it is recommended to update htmlLawed to a version that has addressed this vulnerability. Additionally, users should follow security best practices and regularly update their software to protect against known vulnerabilities.
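A defender-side counterpart to the README, added here and not part of the repository: it scans web server access logs for requests to the htmLawedTest.php path named in the vulnerability description, a bundled test page that a production GLPI instance has no reason to serve. The combined log format, the documentation-range IP addresses and the sample lines are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Bundled htmLawed test page named in the vulnerability description above.
VULN_PATH = "/vendor/htmlawed/htmlawed/htmLawedTest.php".lower()

# Apache/nginx "combined" access log layout (assumption: adapt to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+'
)

@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    status: int

def normalize_path(target: str) -> str:
    """Drop the query string, percent-decode, collapse '//' and lowercase,
    so trivially obfuscated request lines still match the vulnerable path."""
    path = target.split("?", 1)[0]
    path = unquote(path)
    path = re.sub(r"/{2,}", "/", path)
    return path.lower()

def find_htmlawed_test_hits(lines):
    """Return every parsed request whose path is the htmLawed test page; any
    hit is worth triage, and POSTs are the ones that submit a form to it."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize_path(m["target"]) == VULN_PATH:
            hits.append(Hit(m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

# Constructed sample log lines (RFC 5737 documentation addresses), not real data.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Sep/2022:10:01:02 +0000] "GET /front/central.php HTTP/1.1" 200 5120
203.0.113.7 - - [15/Sep/2022:10:02:10 +0000] "GET /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1" 200 2311
203.0.113.7 - - [15/Sep/2022:10:02:14 +0000] "POST /vendor/htmlawed/htmlawed/htmLawedTest.php?x=1 HTTP/1.1" 200 412
203.0.113.9 - - [15/Sep/2022:10:03:00 +0000] "POST /vendor//htmlawed/htmlawed/htmLawedTest%2ephp HTTP/1.1" 403 199
198.51.100.2 - - [15/Sep/2022:10:04:00 +0000] "GET /index.php HTTP/1.1" 302 0
"""
```

Running `find_htmlawed_test_hits(SAMPLE_LOG.splitlines())` flags the three requests to the test page, including the one that uses a doubled slash and a percent-encoded dot, and ignores ordinary GLPI traffic.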

## License

This project is licensed under the [MIT License](LICENSE).

File Snapshot

```
[4.0K] /data/pocs/6ab309a16653625de8aeb47cb749888903debf83
├── [1.0K] LICENSE
├── [1.2K] README.md
└── [4.0K] src
    ├── [5.1K] main.py
    └── [  25] requirements.txt

1 directory, 4 files
```
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.