DOMPDF RCE II

This exercise covers the exploitation of a vulnerability in the DOMPDF library.

PRO Medium 2-4 Hrs. 74 Media Badge
Course

In this challenge, you will learn how to exploit DOMPDF to gain remote code execution by injecting a malicious font via an HTML style tag. This lab is based on a blog post by Tanto Security and demonstrates how to bypass disabled remote asset downloading.

Skills covered
Injection, Operating System, Network
Included with PRO
Full course content 3 videos