Universal XSS In PDF

More XSS (Cross-site Scripting) fun! After yesterday's post I realized that not everyone reads hacker blogs, so I feel it is my duty to post it here. Stefano Di Paola and Giorgio Fedon have found a universal XSS in PDF. RSnake also found a vulnerability in local PDF file execution. This is bad, people: every server in this universe that hosts PDF files can be used by phishers to execute XSS in the user's browser, and that's a lot. Adobe has issued a patch which you can download, so go upgrade your PDF reader. Here is how it is done:

Normal PDF:
http://www.domain.com/nicefile.pdf

XSS PDF:
http://www.domain.com/nicefile.pdf#blah=javascript:alert('XSS');
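
As an added example (not from the original post or from Adobe), the following Node.js function flags links of the shape shown above: a path ending in .pdf whose fragment carries a javascript: URL. Because the fragment is never sent to the web server, it assumes the check runs where the full link is visible, such as a mail or web content filter; the function names and sample links are constructed for illustration.

```javascript
// Added example: flag PDF links whose fragment carries a javascript: URL.
function decodeRepeatedly(value, rounds = 3) {
  // Undo nested percent-encoding; stop on malformed input or when stable.
  let current = value;
  for (let i = 0; i < rounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

function inspectPdfLink(link) {
  let url;
  try { url = new URL(link); } catch { return { suspicious: false, reason: 'unparseable' }; }
  if (!/\.pdf$/i.test(decodeRepeatedly(url.pathname))) {
    return { suspicious: false, reason: 'not a PDF path' };
  }
  const fragment = url.hash.slice(1);
  if (!fragment) return { suspicious: false, reason: 'no fragment' };
  // Fragment parameters are name=value pairs separated by '&'.
  for (const pair of fragment.split('&')) {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? '' : pair.slice(0, eq);
    // Decode, drop whitespace/control characters, and fold case before matching.
    const value = decodeRepeatedly(pair.slice(eq + 1))
      .replace(/[\u0000-\u0020]/g, '').toLowerCase();
    if (value.startsWith('javascript:')) {
      return { suspicious: true, reason: 'javascript: URL in fragment', parameter: name };
    }
  }
  return { suspicious: false, reason: 'no script URL in fragment' };
}

function findSuspiciousPdfLinks(links) {
  return links.filter((link) => inspectPdfLink(link).suspicious);
}

// Constructed sample input: links as they might appear in a message body.
const SAMPLE_LINKS = [
  'http://www.domain.com/nicefile.pdf',
  'http://www.domain.com/nicefile.pdf#page=3&zoom=200',
  "http://www.domain.com/nicefile.pdf#blah=javascript:alert('XSS');",
  'http://www.domain.com/nicefile.pdf#page=3&blah=JavaScript:alert(1)',
  'http://www.domain.com/index.html#blah=javascript:alert(1)',
];
console.log(findSuspiciousPdfLinks(SAMPLE_LINKS));
```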

Source


© 2008 twinturbo.org. All Rights Reserved.