2/16/2023 0 Comments Pdfcreator version 1.2.0* * = IMPORTANT = * Enabling this for documents you do not trust (e.g. ![]() CODE language-js - /** * Enable embedded PHP * * If this setting is set to true then DOMPDF will automatically evaluate * embedded PHP contained within. The first thing that caught our eye was the option to execute embedded PHP during PDF rendering, which, if enabled, would have made our job quite easy: At the time of disclosure, there are no known vulnerabilities for either version 0.8.5 or 1.2.0.)Īt this point, we shifted our attention to (), to see if we might be able to find a vulnerability that could get us further access to the server. ![]() (Note that the version actually in use on the client’s server was v0.8.5, but since the exploit path we will show here still works the same on the newest version v1.2.0, we will be using this version for the purpose of the article. We thus knew which HTML-to-PDF converter was used in the back-end (()), and at which version. Output of pdfinfo showing the PDF renderer used in the back-end
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |