CVE-2014-2383 PoC: dompdf Information Disclosure Vulnerability

Source
Associated Vulnerability
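Title: dompdf Information Disclosure Vulnerability (CVE-2014-2383)
Description: dompdf is an HTML-to-PDF conversion tool. It is style-driven and supports downloading and reading external stylesheets, whole style tags, and the style attributes of individual HTML elements. A security vulnerability exists in the dompdf.php file of dompdf 0.6.0 beta3 and earlier: when DOMPDF_ENABLE_PHP is in use, an attacker can use the PHP protocol and the 'input_file' parameter to bypass the chroot protection mechanism and read arbitrary files.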
File Snapshot

[4.0K] /data/pocs/6462f6207556e15e767a473c68898bf0fa4cbd6d
├── [ 70K] Pastedimage20221220074517.png
├── [ 51K] Pastedimage20221220074830.png
├── [ 24K] Pastedimage20221221081319.png
├── [ 70K] Pastedimage20221221083357.png
├── [ 87K] Pastedimage20221221095422.png
├── [ 63K] Pastedimage20221221095441.png
├── [ 35K] Pastedimage20221221095821.png
├── [ 25K] Pastedimage20221221100439.png
├── [183K] Pastedimage20221221110358.png
├── [183K] Pastedimage20221221110618.png
├── [ 22K] Pastedimage20221221111344.png
├── [ 12K] Pastedimage20221221111417.png
└── [5.5K] readme.md

0 directories, 13 files