Typora 1.7.4 Command Injection
2024-2-3 06:52:8 Author: cxsecurity.com

# Exploit Title: Typora v1.7.4 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 13.09.2023
# Vendor Homepage: http://www.typora.io
# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
# Tested Version: v1.7.4 (latest)
# Tested on: Windows 2019 Server 64bit
#
# # # Steps to Reproduce # # #
#
# Open the application
# Click on Preferences from the File menu
# Select PDF from the Export tab
# Check the “run command” at the bottom right and enter your reverse shell command into the opened box
# Close the page and go back to the File menu
# Then select PDF from the Export tab and click Save
# Reverse shell is ready!


Source: https://cxsecurity.com/issue/WLB-2024020015