Typora v1.7.4 – OS Command Injection

  • Author: Ahmet Ümit BAYRAM
    Date: 2024-01-29
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51752/
  • # Exploit Title: Typora v1.7.4 - OS Command Injection
    # Discovered by: Ahmet Ümit BAYRAM
    # Discovered Date: 13.09.2023
    # Vendor Homepage: http://www.typora.io
    # Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
    # Tested Version: v1.7.4 (latest)
    # Tested on: Windows 2019 Server 64bit
    
    # # #Steps to Reproduce # # #
    
    # Open the application
    # Click on Preferences from the File menu
    # Select PDF from the Export tab
    # Check the “run command” at the bottom right and enter your reverse shell command into the opened box
    # Close the page and go back to the File menu
    # Then select PDF from the Export tab and click Save
    # Reverse shell is ready!
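
A detection-side companion to the steps above, added here and not part of the original advisory: it walks process-creation records (Sysmon Event ID 1 field names) in time order and reports command interpreters started anywhere in Typora's process tree. The binary name Typora.exe, the install path, the cmd.exe wrapper and every sample record are assumptions constructed for the example.

```python
import ntpath

TYPORA_IMAGE = "typora.exe"  # assumption: name of the Windows binary
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}

def image_name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def find_typora_shell_descendants(events):
    """Events must be in time order. Returns (UtcTime, image, CommandLine)
    for each interpreter started anywhere below a Typora process."""
    tree = set()  # ProcessGuid of Typora and of everything it spawned
    hits = []
    for ev in events:
        name = image_name(ev["Image"])
        in_tree = ev["ParentProcessGuid"] in tree
        if name == TYPORA_IMAGE or in_tree:
            tree.add(ev["ProcessGuid"])
        if in_tree and name in INTERPRETERS:
            hits.append((ev["UtcTime"], name, ev["CommandLine"]))
    return hits

def _ev(time, guid, parent, image, cmdline):
    return {"UtcTime": time, "ProcessGuid": guid, "ParentProcessGuid": parent,
            "Image": image, "CommandLine": cmdline}

# Constructed records; GUIDs, paths and command lines are placeholders.
SAMPLE_EVENTS = [
    _ev("10:00:00", "g1", "g0", r"C:\Program Files\Typora\Typora.exe",
        "Typora.exe notes.md"),
    _ev("10:00:01", "g2", "g1", r"C:\Program Files\Typora\Typora.exe",
        "Typora.exe --type=renderer"),
    _ev("10:05:10", "g3", "g1", r"C:\Windows\System32\cmd.exe",
        'cmd.exe /c "<export run command>"'),
    _ev("10:05:11", "g4", "g3",
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "powershell.exe <arguments>"),
    _ev("10:07:00", "g5", "g9", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
]

if __name__ == "__main__":
    for hit in find_typora_shell_descendants(SAMPLE_EVENTS):
        print(hit)
```

Legitimate use of the export "run command" option produces the same process lineage, so each hit still needs its command line reviewed against what the user is expected to have configured.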