
[local] Typora v1.7.4 - OS Command Injection

source link: https://www.exploit-db.com/exploits/51752

EDB-ID: 51752
Platform: Windows
Date: 2024-01-29

# Exploit Title: Typora v1.7.4 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 13.09.2023
# Vendor Homepage: http://www.typora.io
# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
# Tested Version: v1.7.4 (latest)
# Tested on: Windows 2019 Server 64bit

# # #  Steps to Reproduce # # #

# Open the application
# Click on Preferences from the File menu
# Select PDF from the Export tab
# Check the “run command” at the bottom right and enter your reverse shell command into the opened box
# Close the page and go back to the File menu
# Then select PDF from the Export tab and click Save
# Reverse shell is ready!
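
Defender-side detection for the behaviour in the steps above, as an added example that is not part of the original exploit-db entry: it flags shells and script hosts descended from the editor in process-creation logs. Assumptions: records use Sysmon Event ID 1 field names exported one JSON object per line in chronological order, the editor binary is named Typora.exe, and the export command runs as its descendant; the sample records are constructed.

```python
import json
import ntpath

# Assumption: the editor's Windows binary name; adjust for your install.
EDITOR = "typora.exe"
# Interpreters that have no business running under a Markdown editor.
SUSPECT = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
           "cscript.exe", "mshta.exe", "rundll32.exe", "certutil.exe"}

# Constructed records (Sysmon Event ID 1 field names), one JSON object per line.
SAMPLE_LOG = r"""
{"ProcessGuid":"g1","ParentProcessGuid":"g0","Image":"C:\\Program Files\\Typora\\Typora.exe","CommandLine":"Typora.exe notes.md"}
{"ProcessGuid":"g2","ParentProcessGuid":"g1","Image":"C:\\Program Files\\Typora\\Typora.exe","CommandLine":"Typora.exe --type=renderer"}
{"ProcessGuid":"g3","ParentProcessGuid":"g1","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /d /s /c \"example-post-export-command\""}
{"ProcessGuid":"g4","ParentProcessGuid":"g3","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -NoProfile -File example.ps1"}
{"ProcessGuid":"g5","ParentProcessGuid":"g9","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c dir"}
"""


def find_editor_spawned(log_text):
    """Return (image name, command line, depth) for suspect descendants of the editor."""
    tainted = {}  # ProcessGuid -> depth below the editor (editor processes are 0)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        name = ntpath.basename(ev["Image"]).lower()
        parent_depth = tainted.get(ev["ParentProcessGuid"])
        if name == EDITOR:
            # The editor and its own helper processes are the root of the tree.
            tainted[ev["ProcessGuid"]] = 0
        elif parent_depth is not None:
            # Track every descendant so chains like editor -> cmd -> powershell are kept.
            tainted[ev["ProcessGuid"]] = parent_depth + 1
            if name in SUSPECT:
                hits.append((name, ev["CommandLine"], parent_depth + 1))
    return hits


if __name__ == "__main__":
    for name, cmdline, depth in find_editor_spawned(SAMPLE_LOG):
        print(f"ALERT depth={depth} {name}: {cmdline}")
```

Because the post-export command is a configurable feature, any hit should be compared against the command the user actually set in the Export preferences.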
            
