Skip to content

rvizx/CVE-2022-28368

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

README.md

README.md

 
 

dompdf-rce.py

dompdf-rce.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

CVE-2022-28368 - Dompdf RCE

Dompdf RCE PoC Exploit

alt text

ExploitDB

Dompdf versions <1.2.1 are vulnerable to Remote Code Execution (RCE) by injecting CSS into the data. The file can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it from the web.

Usage

git clone https://github.com/rvizx/CVE-2022-28368
cd  CVE-2022-28368
python3 -m pip install -r requirements.txt
python3 dompdf-rce.py --help

Credits & Notes

Positive Security - https://positive.security/blog/dompdf-rce

About

Dompdf RCE PoC Exploit - CVE-2022-28368

Topics

exploit cybersecurity dompdf cve-2022-28368

Resources

Readme
Activity

Stars

16 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages