CVE-2022-25765

This exploit demonstrates command injection in pdfkit versions 0.0.0 to 0.8.7.2 by crafting a malicious URL that executes arbitrary commands when processed by the vulnerable library. It supports both direct command execution and reverse shell payloads, with optional web-based delivery via POST requests.

This repository contains a Python-based exploit for CVE-2022-25765, a command injection vulnerability in the pdfkit Ruby gem. The exploit allows for custom command execution or reverse shell generation, targeting vulnerable versions of pdfkit (< 0.8.7.2).

This PoC demonstrates a command injection vulnerability in pdfkit versions before 0.8.6, where unsanitized URL input allows arbitrary command execution via a reverse shell. The exploit leverages Ruby's socket library to spawn a shell connected to a remote listener.

This PoC demonstrates a command injection vulnerability in pdfkit versions <0.8.6, where unsanitized URL input allows arbitrary command execution via a crafted HTTP request. The exploit uses a Ruby reverse shell payload to achieve RCE.

This is a functional exploit for CVE-2022-25765, a command injection vulnerability in pdfkit versions prior to 0.8.6. It crafts a malicious HTTP request with a reverse shell payload to achieve remote code execution on the target system.

This PoC exploits CVE-2022-25765, a blind RCE vulnerability in a Ruby-based application. It allows command execution or reverse shell establishment via crafted payloads sent to the target URL.

This repository contains a functional exploit for CVE-2022-25765, a command injection vulnerability in pdfkit (Ruby gem) versions < 0.8.7.2. The exploit leverages unsanitized URL input to execute arbitrary commands via shell metacharacters.

This repository contains a functional Python exploit for CVE-2022-25765, a command injection vulnerability in PDFKit versions < 0.8.7.2. The exploit leverages improper URL sanitization to inject shell commands via backticks, resulting in remote code execution.

This PoC demonstrates a command injection vulnerability in pdfkit (CVE-2022-25765) where unsanitized URLs passed to wkhtmltopdf allow arbitrary command execution via shell metacharacters. The exploit supports both direct command execution and reverse shell payloads.

This is a functional exploit for CVE-2022-25765, targeting a command injection vulnerability in PDFKit versions < 0.8.7.2. It leverages improper URL sanitization to execute arbitrary commands via shell metacharacters, resulting in a reverse shell.

This repository contains a functional Python script that exploits CVE-2022-25765, a blind RCE vulnerability in pdfkit v0.8.6. The exploit sends a crafted HTTP POST request with a malicious URL parameter to execute arbitrary commands on the target system.

This PoC demonstrates a command injection vulnerability in the pdfkit package where unsanitized URL input allows arbitrary command execution. The exploit uses a crafted HTTP request to trigger a reverse shell via bash.

This is an incomplete exploit script for CVE-2022-25765, a Ruby PDFKit RCE vulnerability. It only includes argument parsing and lacks the actual exploitation logic.