Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Universal XSS with PDF files: highly dangerous

From: Kristina Lein <kristina () jes ee>
Date: Fri, 5 Jan 2007 15:53:30 +0200
On Wednesday 03 January 2007 04:20, pdp (architect) wrote:

I will be very quick and just point to links where you can read about
this issue.

It seams that PDF documents can execute JavaScript code for no
apparent reason by using the following template:

   
http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_her
e

You must understand that the attacker doesn't need to have write
access to the specified PDF document. In order to get an XSS vector
working you need to have a PDF file hosted on the target and that's
all about it. The rest is just a matter of your abilities and desires.


Even more, maybe it is possible to modify content of PDF with this method. 
Some way (I have not tried though) described here;

http://www.planetpdf.com/developer/article.asp?ContentID=6904

Need to write POC

Also I have to tell that my firefox crashed when I appended some random 
document.write('foobar') to exploit. I suppose it wrote it to PDF memory?! In 
this case we maybe can also execute code? Scary.

  Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: