Typora 1.7.4 Command Injection

Typora 1.7.4 Command Injection: Posted Feb 2, 2024; Authored by Ahmet Umit Bayram; Typora version 1.7.4 suffers from a command injection vulnerability.; tags | exploit; SHA-256 | d9a8303041fe933057079d7b5819ba2a1d470244be63a85e854c72582cdc68c4; Download | Favorite | View

Typora 1.7.4 Command Injection

# Exploit Title: Typora v1.7.4 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 13.09.2023
# Vendor Homepage: http://www.typora.io
# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
# Tested Version: v1.7.4 (latest)
# Tested on: Windows 2019 Server 64bit

# # #  Steps to Reproduce # # #

# Open the application
# Click on Preferences from the File menu
# Select PDF from the Export tab
# Check the “run command” at the bottom right and enter your reverse shell
command into the opened box
# Close the page and go back to the File menu
# Then select PDF from the Export tab and click Save
# Reverse shell is ready!

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Typora 1.7.4 Command Injection

Typora 1.7.4 Command Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Typora 1.7.4 Command Injection

Share This

Typora 1.7.4 Command Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems