| Sunday December 21st 2014


Universal XSS In PDF


More XSS (Cross-site Scripting) fun! After yesterday’s post I realized that not everyone reads hacker blogs, so I feel it is my duty to post it here. Stefano Di Paola and Giorgio Fedon have found a universal XSS in PDF. RSnake also found a vulnerability in local PDF file execution. This is bad, people: every server in this universe that hosts PDF files can be used by phishers to execute XSS in the user's browser, and that’s a lot. Adobe has issued a patch, which you can download, so go upgrade your PDF reader. Here is how it is done:

Normal PDF:

http://www.domain.com/nicefile.pdf

XSS PDF:

http://www.domain.com/nicefile.pdf#blah=javascript:alert('XSS');
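
The part after the # is a URL fragment, which the browser never sends to the server, so the hosting site's logs and filters do not see it; the place to catch such links is in the content that carries them (mail bodies, HTML pages). The following is an added example, not code from the original post: it flags PDF links whose fragment parameters carry a javascript: URI, and it goes slightly beyond the single case above by also handling mixed-case and percent-encoded variants. The function names and sample links are constructed for illustration.

```javascript
// Added example; function names are hypothetical, not from the original post.
// Decode repeatedly (bounded) so double-encoded values are still caught.
function decodeFully(s) {
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch (e) { return s; } // malformed escape
    if (next === s) break;
    s = next;
  }
  return s;
}

// True when the link targets a .pdf path and any fragment parameter
// value begins with a javascript: scheme.
function isSuspiciousPdfLink(link) {
  let url;
  try { url = new URL(link); } catch (e) { return false; } // not an absolute URL
  if (!/\.pdf$/i.test(decodeFully(url.pathname))) return false;
  const fragment = url.hash.replace(/^#/, "");
  if (fragment === "") return false;
  return fragment.split("&").some((pair) => {
    const eq = pair.indexOf("=");
    const raw = eq === -1 ? pair : pair.slice(eq + 1);
    // Whitespace and control characters are stripped before the scheme check.
    const value = decodeFully(raw).replace(/[\s\u0000-\u001f]/g, "").toLowerCase();
    return value.startsWith("javascript:");
  });
}

// Extract http(s) links from free text and keep the suspicious ones.
function findSuspiciousPdfLinks(text) {
  const links = text.match(/https?:\/\/[^\s"'<>]+/gi) || [];
  return links.filter(isSuspiciousPdfLink);
}

// Constructed sample input.
const sample = [
  'See <a href="http://www.domain.com/nicefile.pdf">the report</a>',
  "http://www.domain.com/nicefile.pdf#page=3",
  "http://www.domain.com/nicefile.pdf#blah=javascript:alert(1);",
  "http://www.domain.com/nicefile.PDF#x=1&y=JaVa%53cript:alert(1)",
  "http://www.domain.com/page.html#blah=javascript:alert(1)",
].join("\n");

console.log(findSuspiciousPdfLinks(sample));
```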
